Vendor CVEs
Dlink
All CVEs
1,843 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-60671 | 0.00 | — | 0.01 | Nov 13, 2025 | A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit file. The vulnerability occurs because content read from this file is only… | |||
| CVE-2025-60697 | 0.00 | — | 0.03 | Nov 13, 2025 | A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_4438A4` function in `prog.cgi` stores user-supplied DDNS parameters (`ServerAddress` and `Hostname`) in NVRAM via `nvram_safe_set`.… | |||
| CVE-2025-60676 | 0.00 | — | 0.03 | Nov 13, 2025 | An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell… | |||
| CVE-2025-60673 | 0.00 | — | 0.03 | Nov 13, 2025 | An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct… | |||
| CVE-2025-60679 | 0.00 | — | 0.01 | Nov 13, 2025 | A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and… | |||
| CVE-2025-60700 | 0.00 | — | 0.03 | Nov 13, 2025 | A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `librcm.so` binaries. The `sub_4455BC` function in `prog.cgi` stores user-supplied `SetDMZSettings/IPAddress` values in NVRAM via… | |||
| CVE-2025-60675 | 0.00 | — | 0.01 | Nov 13, 2025 | A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule configuration file. The vulnerability occurs because parsed fields from the configuration… | |||
| CVE-2025-60698 | 0.00 | — | 0.03 | Nov 13, 2025 | A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_432F60` function in `prog.cgi` stores user-supplied `SetSysLogSettings/IPAddress` values in NVRAM via… | |||
| CVE-2018-25120 | 0.00 | — | 0.10 | Oct 29, 2025 | D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters… | |||
| CVE-2025-12295 | 0.00 | — | 0.00 | Oct 27, 2025 | A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function sub_40C6B8 of the component Firmware Update Handler. Executing manipulation can lead to improper verification of cryptographic signature. The attack can be launched remotely. Attacks… | |||
| CVE-2025-60559 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter. | |||
| CVE-2025-60565 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule. | |||
| CVE-2025-60571 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS. | |||
| CVE-2025-60556 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizard1. | |||
| CVE-2025-60555 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizardSelectMode. | |||
| CVE-2025-60547 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7. | |||
| CVE-2025-60572 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork. | |||
| CVE-2025-60554 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard. | |||
| CVE-2025-60553 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52. | |||
| CVE-2025-60552 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formTcpipSetup. | |||
| CVE-2025-60562 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey. | |||
| CVE-2025-60550 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone. | |||
| CVE-2025-60551 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot. | |||
| CVE-2025-60557 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEasy_Wizard. | |||
| CVE-2025-60561 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail. | |||
| CVE-2025-60563 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr. | |||
| CVE-2025-60558 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ. | |||
| CVE-2025-60570 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery. | |||
| CVE-2025-60548 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings. | |||
| CVE-2025-60566 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter. | |||
| CVE-2025-60568 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall. | |||
| CVE-2025-60549 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4. | |||
| CVE-2025-60564 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetLog. | |||
| CVE-2025-60569 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute. | |||
| CVE-2025-60332 | 0.00 | — | 0.05 | Oct 22, 2025 | A NULL pointer dereference in the SetWLanRadioSettings function of D-Link DIR-823G A1 v1.0.2B05 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||
| CVE-2025-60331 | 0.00 | — | 0.01 | Oct 22, 2025 | D-Link DIR-823G A1 v1.0.2B05 was discovered to contain a buffer overflow in the FillMacCloneMac parameter in the /EXCU_SHELL endpoint. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2025-52079 | 0.00 | — | 0.00 | Oct 21, 2025 | The administrator password setting of the D-Link DIR-820L 1.06B02 is has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request to /get_set.ccp. | |||
| CVE-2025-34253 | 0.00 | — | 0.01 | Oct 16, 2025 | D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject… | |||
| CVE-2025-34255 | 0.00 | — | 0.01 | Oct 16, 2025 | D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account.… | |||
| CVE-2025-34254 | 0.00 | — | 0.01 | Oct 16, 2025 | D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the… | |||
| CVE-2025-11665 | 0.00 | — | 0.07 | Oct 13, 2025 | A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdater_main of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os command injection. The attack may be initiated remotely. This vulnerability only… | |||
| CVE-2025-61577 | 0.00 | — | 0.05 | Oct 9, 2025 | D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuser parameter in the dir_setWanWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2025-11408 | 0.00 | — | 0.01 | Oct 7, 2025 | A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed… | |||
| CVE-2025-11339 | 0.00 | — | 0.01 | Oct 6, 2025 | A vulnerability has been found in D-Link DI-7100G C1 up to 20250928. This issue affects the function sub_4BD4F8 of the file /webchat/hi_block.asp of the component jhttpd. The manipulation of the argument popupId leads to buffer overflow. The attack can be initiated remotely. The… | |||
| CVE-2025-11338 | 0.00 | — | 0.01 | Oct 6, 2025 | A flaw has been found in D-Link DI-7100G C1 up to 20250928. This vulnerability affects the function sub_4C0990 of the file /webchat/login.cgi of the component jhttpd. Executing manipulation of the argument openid can lead to buffer overflow. It is possible to launch the attack… | |||
| CVE-2025-57637 | 0.00 | — | 0.01 | Sep 23, 2025 | Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub_451754 function of the jhttpd service in the viav4 parameter allowing attackers to cause a denial of service or execute arbitrary code. | |||
| CVE-2025-10792 | 0.00 | — | 0.03 | Sep 22, 2025 | A security vulnerability has been detected in D-Link DIR-513 A1FW110. Affected is an unknown function of the file /goform/formWPS. Such manipulation of the argument webpage leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly… | |||
| CVE-2025-10779 | 0.00 | — | 0.01 | Sep 22, 2025 | A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argument HNAP_AUTH/SOAPAction results in stack-based buffer overflow. The attack may be launched remotely. The exploit has… | |||
| CVE-2025-10093 | 0.00 | — | 0.01 | Sep 8, 2025 | A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed… | |||
| CVE-2025-10034 | 0.00 | — | 0.01 | Sep 6, 2025 | A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the argument ping6_ipaddr results in buffer overflow. It is possible to initiate the attack… |
- CVE-2025-60671Nov 13, 2025risk 0.00cvss —epss 0.01
A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit file. The vulnerability occurs because content read from this file is only…
- CVE-2025-60697Nov 13, 2025risk 0.00cvss —epss 0.03
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_4438A4` function in `prog.cgi` stores user-supplied DDNS parameters (`ServerAddress` and `Hostname`) in NVRAM via `nvram_safe_set`.…
- CVE-2025-60676Nov 13, 2025risk 0.00cvss —epss 0.03
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell…
- CVE-2025-60673Nov 13, 2025risk 0.00cvss —epss 0.03
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct…
- CVE-2025-60679Nov 13, 2025risk 0.00cvss —epss 0.01
A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and…
- CVE-2025-60700Nov 13, 2025risk 0.00cvss —epss 0.03
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `librcm.so` binaries. The `sub_4455BC` function in `prog.cgi` stores user-supplied `SetDMZSettings/IPAddress` values in NVRAM via…
- CVE-2025-60675Nov 13, 2025risk 0.00cvss —epss 0.01
A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule configuration file. The vulnerability occurs because parsed fields from the configuration…
- CVE-2025-60698Nov 13, 2025risk 0.00cvss —epss 0.03
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_432F60` function in `prog.cgi` stores user-supplied `SetSysLogSettings/IPAddress` values in NVRAM via…
- CVE-2018-25120Oct 29, 2025risk 0.00cvss —epss 0.10
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters…
- CVE-2025-12295Oct 27, 2025risk 0.00cvss —epss 0.00
A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function sub_40C6B8 of the component Firmware Update Handler. Executing manipulation can lead to improper verification of cryptographic signature. The attack can be launched remotely. Attacks…
- CVE-2025-60559Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter.
- CVE-2025-60565Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule.
- CVE-2025-60571Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS.
- CVE-2025-60556Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizard1.
- CVE-2025-60555Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizardSelectMode.
- CVE-2025-60547Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7.
- CVE-2025-60572Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork.
- CVE-2025-60554Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard.
- CVE-2025-60553Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52.
- CVE-2025-60552Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formTcpipSetup.
- CVE-2025-60562Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey.
- CVE-2025-60550Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone.
- CVE-2025-60551Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot.
- CVE-2025-60557Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEasy_Wizard.
- CVE-2025-60561Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail.
- CVE-2025-60563Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr.
- CVE-2025-60558Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ.
- CVE-2025-60570Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery.
- CVE-2025-60548Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings.
- CVE-2025-60566Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter.
- CVE-2025-60568Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall.
- CVE-2025-60549Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4.
- CVE-2025-60564Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetLog.
- CVE-2025-60569Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute.
- CVE-2025-60332Oct 22, 2025risk 0.00cvss —epss 0.05
A NULL pointer dereference in the SetWLanRadioSettings function of D-Link DIR-823G A1 v1.0.2B05 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
- CVE-2025-60331Oct 22, 2025risk 0.00cvss —epss 0.01
D-Link DIR-823G A1 v1.0.2B05 was discovered to contain a buffer overflow in the FillMacCloneMac parameter in the /EXCU_SHELL endpoint. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2025-52079Oct 21, 2025risk 0.00cvss —epss 0.00
The administrator password setting of the D-Link DIR-820L 1.06B02 is has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request to /get_set.ccp.
- CVE-2025-34253Oct 16, 2025risk 0.00cvss —epss 0.01
D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject…
- CVE-2025-34255Oct 16, 2025risk 0.00cvss —epss 0.01
D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account.…
- CVE-2025-34254Oct 16, 2025risk 0.00cvss —epss 0.01
D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the…
- CVE-2025-11665Oct 13, 2025risk 0.00cvss —epss 0.07
A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdater_main of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os command injection. The attack may be initiated remotely. This vulnerability only…
- CVE-2025-61577Oct 9, 2025risk 0.00cvss —epss 0.05
D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuser parameter in the dir_setWanWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2025-11408Oct 7, 2025risk 0.00cvss —epss 0.01
A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed…
- CVE-2025-11339Oct 6, 2025risk 0.00cvss —epss 0.01
A vulnerability has been found in D-Link DI-7100G C1 up to 20250928. This issue affects the function sub_4BD4F8 of the file /webchat/hi_block.asp of the component jhttpd. The manipulation of the argument popupId leads to buffer overflow. The attack can be initiated remotely. The…
- CVE-2025-11338Oct 6, 2025risk 0.00cvss —epss 0.01
A flaw has been found in D-Link DI-7100G C1 up to 20250928. This vulnerability affects the function sub_4C0990 of the file /webchat/login.cgi of the component jhttpd. Executing manipulation of the argument openid can lead to buffer overflow. It is possible to launch the attack…
- CVE-2025-57637Sep 23, 2025risk 0.00cvss —epss 0.01
Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub_451754 function of the jhttpd service in the viav4 parameter allowing attackers to cause a denial of service or execute arbitrary code.
- CVE-2025-10792Sep 22, 2025risk 0.00cvss —epss 0.03
A security vulnerability has been detected in D-Link DIR-513 A1FW110. Affected is an unknown function of the file /goform/formWPS. Such manipulation of the argument webpage leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly…
- CVE-2025-10779Sep 22, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argument HNAP_AUTH/SOAPAction results in stack-based buffer overflow. The attack may be launched remotely. The exploit has…
- CVE-2025-10093Sep 8, 2025risk 0.00cvss —epss 0.01
A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed…
- CVE-2025-10034Sep 6, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the argument ping6_ipaddr results in buffer overflow. It is possible to initiate the attack…
Page 16 of 37