Vendor CVEs
Dlink
All CVEs
1,843 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-44959 | | | 0.04 | — | 0.21 | | Oct 10, 2023 | An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. |
| CVE-2023-33782 | | | 0.04 | — | 0.43 | | Jun 7, 2023 | D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function. |
| CVE-2023-25279 | | | 0.04 | — | 0.32 | | Mar 13, 2023 | OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload. |
| CVE-2022-46552 | | | 0.04 | — | 0.10 | | Feb 2, 2023 | D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request. |
| CVE-2022-28573 | | | 0.04 | — | 0.27 | | May 2, 2022 | D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter. |
| CVE-2020-18568 | | | 0.04 | — | 0.15 | | Feb 2, 2021 | The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution. |
| CVE-2019-17525 | | | 0.04 | — | 0.06 | | Apr 21, 2020 | The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks. |
| CVE-2019-20501 | | | 0.04 | — | 0.90 | | Mar 5, 2020 | D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter. |
| CVE-2013-5945 | | | 0.04 | — | 0.10 | | Feb 11, 2020 | Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to… |
| CVE-2019-19743 | | | 0.04 | — | 0.09 | | Dec 16, 2019 | On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal. |
| CVE-2018-19986 | | | 0.04 | — | 0.42 | | May 13, 2019 | In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the… |
| CVE-2018-20056 | | | 0.04 | — | 0.07 | | Dec 11, 2018 | An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter. |
| CVE-2014-4927 | | | 0.04 | — | 0.11 | | Jul 24, 2014 | Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request. |
| CVE-2012-5306 | | | 0.04 | — | 0.12 | | Oct 6, 2012 | Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long… |
| CVE-2008-4771 | | | 0.04 | — | 0.07 | | Oct 28, 2008 | Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly… |
| CVE-2006-5536 | | | 0.04 | — | 0.14 | | Oct 26, 2006 | Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter. |
| CVE-2006-2901 | | | 0.04 | — | 0.09 | | Jun 7, 2006 | The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords. |
| CVE-2025-22968 | | | 0.03 | — | 0.02 | | Jan 15, 2025 | An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions |
| CVE-2024-51151 | | | 0.03 | — | 0.30 | | Nov 20, 2024 | D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter. |
| CVE-2024-42812 | | | 0.03 | — | 0.16 | | Aug 19, 2024 | In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. |
| CVE-2024-7828 | | | 0.03 | — | 0.16 | | Aug 15, 2024 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05… |
| CVE-2023-32165 | | | 0.03 | — | 0.73 | | May 3, 2024 | D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The… |
| CVE-2023-32164 | | | 0.03 | — | 0.85 | | May 3, 2024 | D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The… |
| CVE-2023-51123 | | | 0.03 | — | 0.24 | | Jan 10, 2024 | An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component. |
| CVE-2023-43284 | | | 0.03 | — | 0.02 | | Oct 5, 2023 | D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter. |
| CVE-2023-39750 | | | 0.03 | — | 0.13 | | Aug 21, 2023 | D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the f_ipv6_enable parameter at /bsc_ipv6. This vulnerability is exploited via a crafted POST request. |
| CVE-2023-33781 | | | 0.03 | — | 0.36 | | Jun 7, 2023 | An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file. |
| CVE-2022-40946 | | | 0.03 | — | 0.08 | | Apr 16, 2023 | On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request. |
| CVE-2022-46476 | | | 0.03 | — | 0.41 | | Jan 19, 2023 | D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function. |
| CVE-2022-37057 | | | 0.03 | — | 0.25 | | Aug 28, 2022 | D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main. |
| CVE-2021-46319 | | | 0.03 | — | 0.06 | | Feb 17, 2022 | Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid1 parameters to execute… |
| CVE-2021-46315 | | | 0.03 | — | 0.06 | | Feb 17, 2022 | Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the… |
| CVE-2020-25368 | | | 0.03 | — | 0.13 | | Nov 4, 2021 | A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login. |
| CVE-2021-26709 | | | 0.03 | — | 0.40 | | Apr 7, 2021 | D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported… |
| CVE-2021-26810 | | | 0.03 | — | 0.05 | | Mar 30, 2021 | D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the… |
| CVE-2013-7053 | | | 0.03 | — | 0.03 | | Feb 4, 2020 | D-Link DIR-100 4.03B07: cli.cgi CSRF |
| CVE-2014-3136 | | | 0.03 | — | 0.03 | | Dec 27, 2019 | Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors. |
| CVE-2019-19742 | | | 0.03 | — | 0.20 | | Dec 18, 2019 | On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field. |
| CVE-2019-10891 | | | 0.03 | — | 0.19 | | Sep 6, 2019 | An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP… |
| CVE-2018-19989 | | | 0.03 | — | 0.06 | | May 13, 2019 | In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and… |
| CVE-2019-10999 | | | 0.03 | — | 0.04 | | May 6, 2019 | The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting… |
| CVE-2019-11017 | | | 0.03 | — | 0.02 | | Apr 18, 2019 | On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter. |
| CVE-2019-7298 | | | 0.03 | — | 0.10 | | Feb 1, 2019 | An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with… |
| CVE-2015-5999 | | | 0.03 | — | 0.03 | | Nov 18, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network… |
| CVE-2015-1028 | | | 0.03 | — | 0.03 | | Jan 21, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName… |
| CVE-2014-4645 | | | 0.03 | — | 0.01 | | Jun 25, 2014 | Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname. |
| CVE-2013-5730 | | | 0.03 | — | 0.01 | | Nov 20, 2013 | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to… |
| CVE-2013-3095 | | | 0.03 | — | 0.01 | | Nov 20, 2013 | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. A1) with firmware before 1.05b07 allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password or (2) enable remote… |
| CVE-2013-2271 | | | 0.03 | — | 0.05 | | Nov 19, 2013 | The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi. |
| CVE-2013-6027 | | | 0.03 | — | 0.05 | | Oct 19, 2013 | Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi. |