Dlink

All CVEs

1,843 total · sorted by risk
  • CVE-2012-5319 · Oct 8, 2012
    risk 0.03 · cvss · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter.

  • CVE-2012-1308 · Oct 8, 2012
    risk 0.03 · cvss · epss 0.02

    Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.

  • CVE-2010-0936 · Mar 8, 2010
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.

  • CVE-2008-4133 · Sep 19, 2008
    risk 0.03 · cvss · epss 0.04

    The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.

  • CVE-2006-6538 · Dec 14, 2006
    risk 0.03 · cvss · epss 0.03

    D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link.

  • CVE-2006-6055 · Nov 22, 2006
    risk 0.03 · cvss · epss 0.06

    Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE).

  • CVE-2006-2653 · May 30, 2006
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.

  • CVE-2006-0784 · Feb 19, 2006
    risk 0.03 · cvss · epss 0.03

    D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments.

  • CVE-2005-4723 · Dec 31, 2005
    risk 0.03 · cvss · epss 0.03

    D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.

  • CVE-2004-0615 · Dec 6, 2004
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request.

  • CVE-2004-1650 · Aug 31, 2004
    risk 0.03 · cvss · epss 0.03

    D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.

  • CVE-2002-1865 · Dec 31, 2002
    risk 0.03 · cvss · epss 0.03

    Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of…

  • CVE-2001-1137 · Sep 6, 2001
    risk 0.03 · cvss · epss 0.03

    D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments.

  • CVE-2025-2620 · Mar 22, 2025
    risk 0.02 · cvss · epss 0.07

    A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack…

  • CVE-2024-9570 · Oct 7, 2024
    risk 0.02 · cvss · epss 0.03

    A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched…

  • CVE-2024-8132 · Aug 24, 2024
    risk 0.02 · cvss · epss 0.23

    A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified…

  • CVE-2023-32166 · May 3, 2024
    risk 0.02 · cvss · epss 0.74

    D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw…

  • CVE-2024-0717 · Jan 19, 2024
    risk 0.02 · cvss · epss 0.18

    A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S,…

  • CVE-2023-48842 · Dec 1, 2023
    risk 0.02 · cvss · epss 0.04

    D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi.

  • CVE-2023-42406 · Oct 26, 2023
    risk 0.02 · cvss · epss 0.02

    SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component.

  • CVE-2023-45574 · Oct 16, 2023
    risk 0.02 · cvss · epss 0.02

    Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and…

  • CVE-2023-5151 · Sep 25, 2023
    risk 0.02 · cvss · epss 0.81

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-8000 up to 20151231. Affected by this vulnerability is an unknown functionality of the file /autheditpwd.php. The manipulation of the argument hid_id leads to sql injection. The attack…

  • CVE-2023-33735 · May 31, 2023
    risk 0.02 · cvss · epss 0.33

    D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface.

  • CVE-2023-27216 · Apr 12, 2023
    risk 0.02 · cvss · epss 0.04

    An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page.

  • CVE-2023-26822 · Apr 1, 2023
    risk 0.02 · cvss · epss 0.03

    D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main.

  • CVE-2022-48107 · Jan 27, 2023
    risk 0.02 · cvss · epss 0.03

    D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload.

  • CVE-2022-48108 · Jan 27, 2023
    risk 0.02 · cvss · epss 0.03

    D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload.

  • CVE-2022-44832 · Dec 14, 2022
    risk 0.02 · cvss · epss 0.04

    D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.

  • CVE-2022-44930 · Dec 2, 2022
    risk 0.02 · cvss · epss 0.03

    D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.

  • CVE-2022-37125 · Aug 31, 2022
    risk 0.02 · cvss · epss 0.03

    D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to command injection via /goform/NTPSyncWithHost.

  • CVE-2022-37130 · Aug 31, 2022
    risk 0.02 · cvss · epss 0.26

    In D-Link DIR-816 A2_v1.10CNB04 and DIR-878 DIR_878_FW1.30B08.img, a command injection vulnerability occurs in /goform/Diagnosis: after the condition is met, setnum is spliced into v10 by snprintf and system is executed, resulting in command injection.

  • CVE-2022-37056 · Aug 28, 2022
    risk 0.02 · cvss · epss 0.10

    D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main,

  • CVE-2022-35620 · Aug 3, 2022
    risk 0.02 · cvss · epss 0.31

    D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main.

  • CVE-2022-34974 · Aug 3, 2022
    risk 0.02 · cvss · epss 0.23

    D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function.

  • CVE-2022-34527 · Jul 29, 2022
    risk 0.02 · cvss · epss 0.04

    D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160.

  • CVE-2022-32092 · Jun 27, 2022
    risk 0.02 · cvss · epss 0.06

    D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi.

  • CVE-2022-29778 · Jun 3, 2022
    risk 0.02 · cvss · epss 0.02

    D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php

  • CVE-2022-28956 · May 18, 2022
    risk 0.02 · cvss · epss 0.22

    An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.

  • CVE-2022-28896 · May 10, 2022
    risk 0.02 · cvss · epss 0.04

    A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.

  • CVE-2022-28895 · May 10, 2022
    risk 0.02 · cvss · epss 0.04

    A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.

  • CVE-2022-28901 · May 10, 2022
    risk 0.02 · cvss · epss 0.04

    A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.

  • CVE-2022-28915 · May 10, 2022
    risk 0.02 · cvss · epss 0.06

    D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.

  • CVE-2021-46314 · Feb 17, 2022
    risk 0.02 · cvss · epss 0.33

    A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable…

  • CVE-2021-46454 · Feb 4, 2022
    risk 0.02 · cvss · epss 0.05

    D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanApcliSettings. This vulnerability allows attackers to execute arbitrary commands via the ApCliKeyStr parameter.

  • CVE-2020-25367 · Nov 4, 2021
    risk 0.02 · cvss · epss 0.13

    A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.

  • CVE-2021-27113 · Apr 14, 2021
    risk 0.02 · cvss · epss 0.03

    An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters.

  • CVE-2021-29379 · Apr 12, 2021
    risk 0.02 · cvss · epss 0.04

    An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE:…

  • CVE-2021-28143 · Mar 11, 2021
    risk 0.02 · cvss · epss 0.32

    /jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools).

  • CVE-2020-27865 · Feb 11, 2021
    risk 0.02 · cvss · epss 0.03

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service,…

  • CVE-2020-24578 · Dec 22, 2020
    risk 0.02 · cvss · epss 0.02

    An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file).
