VYPR

Vendor CVEs

Dlink

All CVEs

1,843 total · sorted by risk
  • CVE-2025-60671Nov 13, 2025
    risk 0.00cvss epss 0.01

    A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit file. The vulnerability occurs because content read from this file is only…

  • CVE-2025-60697Nov 13, 2025
    risk 0.00cvss epss 0.03

    A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_4438A4` function in `prog.cgi` stores user-supplied DDNS parameters (`ServerAddress` and `Hostname`) in NVRAM via `nvram_safe_set`.…

  • CVE-2025-60676Nov 13, 2025
    risk 0.00cvss epss 0.03

    An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell…

  • CVE-2025-60673Nov 13, 2025
    risk 0.00cvss epss 0.03

    An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct…

  • CVE-2025-60679Nov 13, 2025
    risk 0.00cvss epss 0.01

    A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and…

  • CVE-2025-60700Nov 13, 2025
    risk 0.00cvss epss 0.03

    A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `librcm.so` binaries. The `sub_4455BC` function in `prog.cgi` stores user-supplied `SetDMZSettings/IPAddress` values in NVRAM via…

  • CVE-2025-60675Nov 13, 2025
    risk 0.00cvss epss 0.01

    A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule configuration file. The vulnerability occurs because parsed fields from the configuration…

  • CVE-2025-60698Nov 13, 2025
    risk 0.00cvss epss 0.03

    A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_432F60` function in `prog.cgi` stores user-supplied `SetSysLogSettings/IPAddress` values in NVRAM via…

  • CVE-2018-25120Oct 29, 2025
    risk 0.00cvss epss 0.10

    D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters…

  • CVE-2025-12295Oct 27, 2025
    risk 0.00cvss epss 0.00

    A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function sub_40C6B8 of the component Firmware Update Handler. Executing manipulation can lead to improper verification of cryptographic signature. The attack can be launched remotely. Attacks…

  • CVE-2025-60559Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter.

  • CVE-2025-60565Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule.

  • CVE-2025-60571Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS.

  • CVE-2025-60556Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizard1.

  • CVE-2025-60555Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizardSelectMode.

  • CVE-2025-60547Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7.

  • CVE-2025-60572Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork.

  • CVE-2025-60554Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard.

  • CVE-2025-60553Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52.

  • CVE-2025-60552Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formTcpipSetup.

  • CVE-2025-60562Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey.

  • CVE-2025-60550Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone.

  • CVE-2025-60551Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot.

  • CVE-2025-60557Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEasy_Wizard.

  • CVE-2025-60561Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail.

  • CVE-2025-60563Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr.

  • CVE-2025-60558Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ.

  • CVE-2025-60570Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery.

  • CVE-2025-60548Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings.

  • CVE-2025-60566Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter.

  • CVE-2025-60568Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall.

  • CVE-2025-60549Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4.

  • CVE-2025-60564Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetLog.

  • CVE-2025-60569Oct 24, 2025
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute.

  • CVE-2025-60332Oct 22, 2025
    risk 0.00cvss epss 0.05

    A NULL pointer dereference in the SetWLanRadioSettings function of D-Link DIR-823G A1 v1.0.2B05 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2025-60331Oct 22, 2025
    risk 0.00cvss epss 0.01

    D-Link DIR-823G A1 v1.0.2B05 was discovered to contain a buffer overflow in the FillMacCloneMac parameter in the /EXCU_SHELL endpoint. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2025-52079Oct 21, 2025
    risk 0.00cvss epss 0.00

    The administrator password setting of the D-Link DIR-820L 1.06B02 is has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request to /get_set.ccp.

  • CVE-2025-34253Oct 16, 2025
    risk 0.00cvss epss 0.01

    D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject…

  • CVE-2025-34255Oct 16, 2025
    risk 0.00cvss epss 0.01

    D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account.…

  • CVE-2025-34254Oct 16, 2025
    risk 0.00cvss epss 0.01

    D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the…

  • CVE-2025-11665Oct 13, 2025
    risk 0.00cvss epss 0.07

    A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdater_main of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os command injection. The attack may be initiated remotely. This vulnerability only…

  • CVE-2025-61577Oct 9, 2025
    risk 0.00cvss epss 0.05

    D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuser parameter in the dir_setWanWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2025-11408Oct 7, 2025
    risk 0.00cvss epss 0.01

    A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed…

  • CVE-2025-11339Oct 6, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in D-Link DI-7100G C1 up to 20250928. This issue affects the function sub_4BD4F8 of the file /webchat/hi_block.asp of the component jhttpd. The manipulation of the argument popupId leads to buffer overflow. The attack can be initiated remotely. The…

  • CVE-2025-11338Oct 6, 2025
    risk 0.00cvss epss 0.01

    A flaw has been found in D-Link DI-7100G C1 up to 20250928. This vulnerability affects the function sub_4C0990 of the file /webchat/login.cgi of the component jhttpd. Executing manipulation of the argument openid can lead to buffer overflow. It is possible to launch the attack…

  • CVE-2025-57637Sep 23, 2025
    risk 0.00cvss epss 0.01

    Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub_451754 function of the jhttpd service in the viav4 parameter allowing attackers to cause a denial of service or execute arbitrary code.

  • CVE-2025-10792Sep 22, 2025
    risk 0.00cvss epss 0.03

    A security vulnerability has been detected in D-Link DIR-513 A1FW110. Affected is an unknown function of the file /goform/formWPS. Such manipulation of the argument webpage leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly…

  • CVE-2025-10779Sep 22, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argument HNAP_AUTH/SOAPAction results in stack-based buffer overflow. The attack may be launched remotely. The exploit has…

  • CVE-2025-10093Sep 8, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed…

  • CVE-2025-10034Sep 6, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the argument ping6_ipaddr results in buffer overflow. It is possible to initiate the attack…

Page 16 of 37