Vendor CVEs: D-Link (all CVEs)

1,843 total · sorted by risk
  • CVE-2015-0150 · Critical · Apr 12, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors.

  • CVE-2014-8888 · Critical · Apr 12, 2018
    risk 0.64 · cvss 9.8 · epss 0.05

    The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue."

  • CVE-2018-9284 · Critical · Apr 4, 2018
    risk 0.64 · cvss 9.8 · epss 0.05

    authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code.

  • CVE-2017-15909 · Critical · Oct 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access.

  • CVE-2017-14429 · Critical · Sep 13, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting…

  • CVE-2017-14421 · Critical · Sep 13, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session.

  • CVE-2017-14417 · Critical · Sep 13, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.

  • CVE-2016-10405 · Critical · Sep 7, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors.

  • CVE-2017-11436 · Critical · Jul 19, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection.

  • CVE-2017-7406 · Critical · Jul 7, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being…

  • CVE-2017-7405 · Critical · Jul 7, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being…

  • CVE-2017-9542 · Critical · Jun 11, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device.

  • CVE-2017-9100 · High · May 21, 2017
    risk 0.64 · cvss 8.8 · epss 0.85

    login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.

  • CVE-2016-1558 · Critical · Apr 21, 2017
    risk 0.64 · cvss 9.8 · epss 0.09

    Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and…

  • CVE-2017-6205 · Critical · Feb 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors.

  • CVE-2016-10182 · Critical · Jan 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.09

    An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters.

  • CVE-2016-10178 · Critical · Jan 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.07

    An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.

  • CVE-2016-10177 · Critical · Jan 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.07

    An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234.

  • CVE-2024-25331 · Critical · Mar 12, 2024
    risk 0.61 · cvss 9.3 · epss 0.00

    DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.03WWb01 suffer from a LAN-Side Unauthenticated Remote Code Execution (RCE) vulnerability elevated from HNAP Stack-Based Buffer Overflow.

  • CVE-2018-17442 · High · Oct 8, 2018
    risk 0.61 · cvss 8.8 · epss 0.14

    An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.

  • CVE-2018-12710 · High · Aug 29, 2018
    risk 0.61 · cvss 8.0 · epss 0.77

    An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being…

  • CVE-2017-17020 · High · May 1, 2018
    risk 0.61 · cvss 8.8 · epss 0.15

    On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated…

  • CVE-2018-5371 · High · Jan 12, 2018
    risk 0.61 · cvss 8.8 · epss 0.42

    diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.

  • CVE-2017-7852 · High · Apr 24, 2017
    risk 0.61 · cvss 8.8 · epss 0.04

    D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from…

  • CVE-2026-0625 · Critical · Jan 5, 2026
    risk 0.60 · cvss · epss 0.01

    Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can…

  • CVE-2025-29635 · High · KEV · Mar 25, 2025
    risk 0.60 · cvss 7.2 · epss 0.87

    A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.

  • CVE-2017-7851 · High · Nov 15, 2017
    risk 0.60 · cvss 8.8 · epss 0.02

    D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.

  • CVE-2017-7398 · High · Apr 4, 2017
    risk 0.60 · cvss 8.8 · epss 0.03

    D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from…

  • CVE-2017-6411 · High · Mar 6, 2017
    risk 0.60 · cvss 8.8 · epss 0.03

    Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password.

  • CVE-2017-11564 · High · Aug 24, 2018
    risk 0.58 · cvss 8.8 · epss 0.04

    The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. An attacker can forge malicious HTTP requests to execute commands; authentication is required before executing the attack.

  • CVE-2018-10967 · High · May 18, 2018
    risk 0.58 · cvss 8.8 · epss 0.04

    On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution.

  • CVE-2018-8941 · High · Apr 3, 2018
    risk 0.58 · cvss 8.8 · epss 0.07

    Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi.

  • CVE-2017-3193 · High · Dec 16, 2017
    risk 0.58 · cvss 8.8 · epss 0.06

    Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service.

  • CVE-2026-12174 · High · Jun 13, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely.…

  • CVE-2026-10270 · High · Jun 1, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The…

  • CVE-2026-10206 · High · Jun 1, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now…

  • CVE-2026-10183 · High · May 31, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly…

  • CVE-2026-10123 · High · May 30, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetDomainFilter of the file /goform/formSetDomainFilter. Performing a manipulation of the argument blocked_domain/permitted_domain/blocked_domain_list/permitted_domain_list results in…

  • CVE-2026-10122 · High · May 30, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_name leads to stack-based buffer overflow. The attack may be performed from…

  • CVE-2026-10121 · High · May 30, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keyword causes stack-based buffer overflow. The attack is possible to be carried out…

  • CVE-2026-10120 · High · May 30, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewall_name results in stack-based buffer overflow. The attack can be executed…

  • CVE-2026-10119 · High · May 30, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filter_name leads to stack-based buffer overflow. Remote exploitation of the attack is…

  • CVE-2026-10063 · High · May 29, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is…

  • CVE-2026-10062 · High · May 29, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried…

  • CVE-2026-8260 · High · May 11, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can…

  • CVE-2026-7855 · High · May 5, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can be initiated…

  • CVE-2026-42372 · High · May 4, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir605l" read from /etc/alpha_config/image_sign.…

  • CVE-2026-7289 · High · Apr 28, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public…

  • CVE-2026-7288 · High · Apr 28, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit…

  • CVE-2026-7068 · High · Apr 27, 2026
    risk 0.57 · cvss 8.8 · epss 0.02

    A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available…
