Vendor CVEs

Dlink

All CVEs

1,843 total · sorted by risk
  • CVE-2023-44959 · Oct 10, 2023
    risk 0.04 · cvss · epss 0.21

    An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page.

  • CVE-2023-33782 · Jun 7, 2023
    risk 0.04 · cvss · epss 0.43

    D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function.

  • CVE-2023-25279 · Mar 13, 2023
    risk 0.04 · cvss · epss 0.32

    OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload.

  • CVE-2022-46552 · Feb 2, 2023
    risk 0.04 · cvss · epss 0.10

    D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.

  • CVE-2022-28573 · May 2, 2022
    risk 0.04 · cvss · epss 0.27

    D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter.

  • CVE-2020-18568 · Feb 2, 2021
    risk 0.04 · cvss · epss 0.15

    The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution.

  • CVE-2019-17525 · Apr 21, 2020
    risk 0.04 · cvss · epss 0.06

    The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.

  • CVE-2019-20501 · Mar 5, 2020
    risk 0.04 · cvss · epss 0.90

    D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter.

  • CVE-2013-5945 · Feb 11, 2020
    risk 0.04 · cvss · epss 0.10

    Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to…

  • CVE-2019-19743 · Dec 16, 2019
    risk 0.04 · cvss · epss 0.09

    On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal.

  • CVE-2018-19986 · May 13, 2019
    risk 0.04 · cvss · epss 0.42

    In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the…

  • CVE-2018-20056 · Dec 11, 2018
    risk 0.04 · cvss · epss 0.07

    An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter.

  • CVE-2014-4927 · Jul 24, 2014
    risk 0.04 · cvss · epss 0.11

    Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.

  • CVE-2012-5306 · Oct 6, 2012
    risk 0.04 · cvss · epss 0.12

    Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long…

  • CVE-2008-4771 · Oct 28, 2008
    risk 0.04 · cvss · epss 0.07

    Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly…

  • CVE-2006-5536 · Oct 26, 2006
    risk 0.04 · cvss · epss 0.14

    Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.

  • CVE-2006-2901 · Jun 7, 2006
    risk 0.04 · cvss · epss 0.09

    The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords.

  • CVE-2025-22968 · Jan 15, 2025
    risk 0.03 · cvss · epss 0.02

    An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions.

  • CVE-2024-51151 · Nov 20, 2024
    risk 0.03 · cvss · epss 0.30

    D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter.

  • CVE-2024-42812 · Aug 19, 2024
    risk 0.03 · cvss · epss 0.16

    In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

  • CVE-2024-7828 · Aug 15, 2024
    risk 0.03 · cvss · epss 0.16

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05…

  • CVE-2023-32165 · May 3, 2024
    risk 0.03 · cvss · epss 0.73

    D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-32164 · May 3, 2024
    risk 0.03 · cvss · epss 0.85

    D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-51123 · Jan 10, 2024
    risk 0.03 · cvss · epss 0.24

    An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component.

  • CVE-2023-43284 · Oct 5, 2023
    risk 0.03 · cvss · epss 0.02

    D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter.

  • CVE-2023-39750 · Aug 21, 2023
    risk 0.03 · cvss · epss 0.13

    D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the f_ipv6_enable parameter at /bsc_ipv6. This vulnerability is exploited via a crafted POST request.

  • CVE-2023-33781 · Jun 7, 2023
    risk 0.03 · cvss · epss 0.36

    An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file.

  • CVE-2022-40946 · Apr 16, 2023
    risk 0.03 · cvss · epss 0.08

    On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request.

  • CVE-2022-46476 · Jan 19, 2023
    risk 0.03 · cvss · epss 0.41

    D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function.

  • CVE-2022-37057 · Aug 28, 2022
    risk 0.03 · cvss · epss 0.25

    D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main.

  • CVE-2021-46319 · Feb 17, 2022
    risk 0.03 · cvss · epss 0.06

    Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid1 parameters to execute…

  • CVE-2021-46315 · Feb 17, 2022
    risk 0.03 · cvss · epss 0.06

    Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the…

  • CVE-2020-25368 · Nov 4, 2021
    risk 0.03 · cvss · epss 0.13

    A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.

  • CVE-2021-26709 · Apr 7, 2021
    risk 0.03 · cvss · epss 0.40

    D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported…

  • CVE-2021-26810 · Mar 30, 2021
    risk 0.03 · cvss · epss 0.05

    D-Link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the…

  • CVE-2013-7053 · Feb 4, 2020
    risk 0.03 · cvss · epss 0.03

    D-Link DIR-100 4.03B07: cli.cgi CSRF

  • CVE-2014-3136 · Dec 27, 2019
    risk 0.03 · cvss · epss 0.03

    Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors.

  • CVE-2019-19742 · Dec 18, 2019
    risk 0.03 · cvss · epss 0.20

    On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.

  • CVE-2019-10891 · Sep 6, 2019
    risk 0.03 · cvss · epss 0.19

    An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP…

  • CVE-2018-19989 · May 13, 2019
    risk 0.03 · cvss · epss 0.06

    In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and…

  • CVE-2019-10999 · May 6, 2019
    risk 0.03 · cvss · epss 0.04

    The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting…

  • CVE-2019-11017 · Apr 18, 2019
    risk 0.03 · cvss · epss 0.02

    On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter.

  • CVE-2019-7298 · Feb 1, 2019
    risk 0.03 · cvss · epss 0.10

    An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with…

  • CVE-2015-5999 · Nov 18, 2015
    risk 0.03 · cvss · epss 0.03

    Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network…

  • CVE-2015-1028 · Jan 21, 2015
    risk 0.03 · cvss · epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName…

  • CVE-2014-4645 · Jun 25, 2014
    risk 0.03 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-Link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname.

  • CVE-2013-5730 · Nov 20, 2013
    risk 0.03 · cvss · epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to…

  • CVE-2013-3095 · Nov 20, 2013
    risk 0.03 · cvss · epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. A1) with firmware before 1.05b07 allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password or (2) enable remote…

  • CVE-2013-2271 · Nov 19, 2013
    risk 0.03 · cvss · epss 0.05

    The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi.

  • CVE-2013-6027 · Oct 19, 2013
    risk 0.03 · cvss · epss 0.05

    Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi.
