VYPR

Vendor CVEs

Dlink

All CVEs

1,843 total · sorted by risk
  • CVE-2018-20432Sep 14, 2020
    risk 0.02cvss epss 0.04

    D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.

  • CVE-2019-13561Jul 11, 2019
    risk 0.02cvss epss 0.08

    D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter.

  • CVE-2017-8404Jul 2, 2019
    risk 0.02cvss epss 0.08

    An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to…

  • CVE-2017-8408Jul 2, 2019
    risk 0.02cvss epss 0.05

    An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the GET parameters passed in this request (to test if SMB credentials and hostname sent to the…

  • CVE-2013-7471Jun 11, 2019
    risk 0.02cvss epss 0.24

    An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or…

  • CVE-2018-19988May 13, 2019
    risk 0.02cvss epss 0.07

    In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath…

  • CVE-2018-19300Apr 11, 2019
    risk 0.02cvss epss 0.74

    On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version…

  • CVE-2019-7297Jan 31, 2019
    risk 0.02cvss epss 0.12

    An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function…

  • CVE-2007-0933Jun 5, 2007
    risk 0.02cvss epss 0.28

    Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element.

  • CVE-2025-14528Dec 11, 2025
    risk 0.01cvss epss 0.04

    A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from…

  • CVE-2022-50596Nov 6, 2025
    risk 0.01cvss epss 0.04

    D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privileges. The flaw…

  • CVE-2025-5621Jun 4, 2025
    risk 0.01cvss epss 0.07

    A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. The…

  • CVE-2025-5620Jun 4, 2025
    risk 0.01cvss epss 0.07

    A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the…

  • CVE-2025-3538Apr 13, 2025
    risk 0.01cvss epss 0.08

    A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be…

  • CVE-2025-2359Mar 17, 2025
    risk 0.01cvss epss 0.14

    A vulnerability classified as critical has been found in D-Link DIR-823G 1.0.2B05_20181207. Affected is the function SetDDNSSettings of the file /HNAP1/ of the component DDNS Service. The manipulation of the argument SOAPAction leads to improper authorization. It is possible to…

  • CVE-2025-1103Feb 7, 2025
    risk 0.01cvss epss 0.11

    A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to…

  • CVE-2024-9004Sep 19, 2024
    risk 0.01cvss epss 0.16

    A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack…

  • CVE-2024-8129Aug 24, 2024
    risk 0.01cvss epss 0.22

    A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to…

  • CVE-2024-7922Aug 19, 2024
    risk 0.01cvss epss 0.19

    A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as…

  • CVE-2024-39962Jul 19, 2024
    risk 0.01cvss epss 0.02

    D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request.

  • CVE-2024-34950May 14, 2024
    risk 0.01cvss epss 0.05

    D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module.

  • CVE-2023-44412May 3, 2024
    risk 0.01cvss epss 0.84

    D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. …

  • CVE-2023-35744May 3, 2024
    risk 0.01cvss epss 0.02

    D-Link DAP-2622 DDP Configuration Restore Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is…

  • CVE-2024-33343Apr 26, 2024
    risk 0.01cvss epss 0.08

    D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.

  • CVE-2024-0921Jan 26, 2024
    risk 0.01cvss epss 0.38

    A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads…

  • CVE-2024-23625Jan 25, 2024
    risk 0.01cvss epss 0.23

    A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.

  • CVE-2024-23624Jan 25, 2024
    risk 0.01cvss epss 0.26

    A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.

  • CVE-2023-51984Jan 11, 2024
    risk 0.01cvss epss 0.02

    D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. allows remote attackers to execute arbitrary commands via shell.

  • CVE-2023-44693Oct 17, 2023
    risk 0.01cvss epss 0.13

    D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /importexport.php.

  • CVE-2023-45576Oct 16, 2023
    risk 0.01cvss epss 0.01

    Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and…

  • CVE-2023-45580Oct 16, 2023
    risk 0.01cvss epss 0.01

    Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and…

  • CVE-2023-45575Oct 16, 2023
    risk 0.01cvss epss 0.01

    Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1…

  • CVE-2023-45572Oct 16, 2023
    risk 0.01cvss epss 0.01

    Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and…

  • CVE-2023-45579Oct 16, 2023
    risk 0.01cvss epss 0.01

    Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and…

  • CVE-2023-45573Oct 16, 2023
    risk 0.01cvss epss 0.01

    Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and…

  • CVE-2023-45578Oct 16, 2023
    risk 0.01cvss epss 0.01

    Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and…

  • CVE-2023-45577Oct 16, 2023
    risk 0.01cvss epss 0.01

    Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1…

  • CVE-2023-43960Oct 11, 2023
    risk 0.01cvss epss 0.01

    An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component.

  • CVE-2023-44839Oct 5, 2023
    risk 0.01cvss epss 0.08

    D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2023-37791Jul 17, 2023
    risk 0.01cvss epss 0.12

    D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow via the curTime parameter at /goform/formLogin.

  • CVE-2022-46641Dec 23, 2022
    risk 0.01cvss epss 0.03

    D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function.

  • CVE-2022-46642Dec 23, 2022
    risk 0.01cvss epss 0.03

    D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function.

  • CVE-2022-44928Dec 2, 2022
    risk 0.01cvss epss 0.03

    D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function.

  • CVE-2022-44808Nov 22, 2022
    risk 0.01cvss epss 0.04

    A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the…

  • CVE-2022-43109Nov 3, 2022
    risk 0.01cvss epss 0.04

    D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet.

  • CVE-2020-21016Oct 31, 2022
    risk 0.01cvss epss 0.02

    D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.

  • CVE-2022-42999Oct 26, 2022
    risk 0.01cvss epss 0.03

    D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm.

  • CVE-2022-43184Oct 19, 2022
    risk 0.01cvss epss 0.02

    D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi.

  • CVE-2022-42160Oct 13, 2022
    risk 0.01cvss epss 0.03

    D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings.

  • CVE-2022-42161Oct 13, 2022
    risk 0.01cvss epss 0.03

    D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS.

Page 12 of 37