Vendor CVEs
Dlink
All CVEs
1,843 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5319 | 0.03 | — | 0.01 | Oct 8, 2012 | Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter. | |||
| CVE-2012-1308 | 0.03 | — | 0.02 | Oct 8, 2012 | Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. | |||
| CVE-2010-0936 | 0.03 | — | 0.02 | Mar 8, 2010 | Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter. | |||
| CVE-2008-4133 | 0.03 | — | 0.04 | Sep 19, 2008 | The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters. | |||
| CVE-2006-6538 | 0.03 | — | 0.03 | Dec 14, 2006 | D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link. | |||
| CVE-2006-6055 | 0.03 | — | 0.06 | Nov 22, 2006 | Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE). | |||
| CVE-2006-2653 | 0.03 | — | 0.02 | May 30, 2006 | Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter. | |||
| CVE-2006-0784 | 0.03 | — | 0.03 | Feb 19, 2006 | D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments. | |||
| CVE-2005-4723 | 0.03 | — | 0.03 | Dec 31, 2005 | D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. | |||
| CVE-2004-0615 | 0.03 | — | 0.02 | Dec 6, 2004 | Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request. | |||
| CVE-2004-1650 | 0.03 | — | 0.03 | Aug 31, 2004 | D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet. | |||
| CVE-2002-1865 | 0.03 | — | 0.03 | Dec 31, 2002 | Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of… | |||
| CVE-2001-1137 | 0.03 | — | 0.03 | Sep 6, 2001 | D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments. | |||
| CVE-2025-2620 | 0.02 | — | 0.07 | Mar 22, 2025 | A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack… | |||
| CVE-2024-9570 | 0.02 | — | 0.03 | Oct 7, 2024 | A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched… | |||
| CVE-2024-8132 | 0.02 | — | 0.23 | Aug 24, 2024 | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified… | |||
| CVE-2023-32166 | 0.02 | — | 0.74 | May 3, 2024 | D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw… | |||
| CVE-2024-0717 | 0.02 | — | 0.18 | Jan 19, 2024 | A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S,… | |||
| CVE-2023-48842 | 0.02 | — | 0.04 | Dec 1, 2023 | D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi. | |||
| CVE-2023-42406 | 0.02 | — | 0.02 | Oct 26, 2023 | SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component. | |||
| CVE-2023-45574 | 0.02 | — | 0.02 | Oct 16, 2023 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and… | |||
| CVE-2023-5151 | 0.02 | — | 0.81 | Sep 25, 2023 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-8000 up to 20151231. Affected by this vulnerability is an unknown functionality of the file /autheditpwd.php. The manipulation of the argument hid_id leads to sql injection. The attack… | |||
| CVE-2023-33735 | 0.02 | — | 0.33 | May 31, 2023 | D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface. | |||
| CVE-2023-27216 | 0.02 | — | 0.04 | Apr 12, 2023 | An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page. | |||
| CVE-2023-26822 | 0.02 | — | 0.03 | Apr 1, 2023 | D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main. | |||
| CVE-2022-48107 | 0.02 | — | 0.03 | Jan 27, 2023 | D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | |||
| CVE-2022-48108 | 0.02 | — | 0.03 | Jan 27, 2023 | D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | |||
| CVE-2022-44832 | 0.02 | — | 0.04 | Dec 14, 2022 | D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function. | |||
| CVE-2022-44930 | 0.02 | — | 0.03 | Dec 2, 2022 | D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. | |||
| CVE-2022-37125 | 0.02 | — | 0.03 | Aug 31, 2022 | D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. | |||
| CVE-2022-37130 | 0.02 | — | 0.26 | Aug 31, 2022 | In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability | |||
| CVE-2022-37056 | 0.02 | — | 0.10 | Aug 28, 2022 | D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main, | |||
| CVE-2022-35620 | 0.02 | — | 0.31 | Aug 3, 2022 | D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main. | |||
| CVE-2022-34974 | 0.02 | — | 0.23 | Aug 3, 2022 | D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function. | |||
| CVE-2022-34527 | 0.02 | — | 0.04 | Jul 29, 2022 | D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160. | |||
| CVE-2022-32092 | 0.02 | — | 0.06 | Jun 27, 2022 | D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. | |||
| CVE-2022-29778 | 0.02 | — | 0.02 | Jun 3, 2022 | D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php | |||
| CVE-2022-28956 | 0.02 | — | 0.22 | May 18, 2022 | An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload. | |||
| CVE-2022-28896 | 0.02 | — | 0.04 | May 10, 2022 | A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||
| CVE-2022-28895 | 0.02 | — | 0.04 | May 10, 2022 | A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||
| CVE-2022-28901 | 0.02 | — | 0.04 | May 10, 2022 | A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||
| CVE-2022-28915 | 0.02 | — | 0.06 | May 10, 2022 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. | |||
| CVE-2021-46314 | 0.02 | — | 0.33 | Feb 17, 2022 | A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable… | |||
| CVE-2021-46454 | 0.02 | — | 0.05 | Feb 4, 2022 | D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanApcliSettings. This vulnerability allows attackers to execute arbitrary commands via the ApCliKeyStr parameter. | |||
| CVE-2020-25367 | 0.02 | — | 0.13 | Nov 4, 2021 | A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login. | |||
| CVE-2021-27113 | 0.02 | — | 0.03 | Apr 14, 2021 | An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters. | |||
| CVE-2021-29379 | 0.02 | — | 0.04 | Apr 12, 2021 | An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE:… | |||
| CVE-2021-28143 | 0.02 | — | 0.32 | Mar 11, 2021 | /jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools). | |||
| CVE-2020-27865 | 0.02 | — | 0.03 | Feb 11, 2021 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service,… | |||
| CVE-2020-24578 | 0.02 | — | 0.02 | Dec 22, 2020 | An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file). |
Page 11 of 37