Vendor CVEs
Dlink
All CVEs
1,843 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-25896 | 0.00 | — | 0.00 | Feb 18, 2025 | A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the destination, netmask, and gateway parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||
| CVE-2025-25892 | 0.00 | — | 0.00 | Feb 18, 2025 | A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the sstartip, sendip, dstartip, and dendip parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||
| CVE-2025-25895 | 0.00 | — | 0.01 | Feb 18, 2025 | An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the public_type parameter. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet. | |||
| CVE-2025-1392 | 0.00 | — | 0.07 | Feb 17, 2025 | A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic. The manipulation of the argument SSID leads… | |||
| CVE-2025-25745 | 0.00 | — | 0.01 | Feb 14, 2025 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetQuickVPNSettings module. | |||
| CVE-2025-25740 | 0.00 | — | 0.00 | Feb 14, 2025 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the PSK parameter in the SetQuickVPNSettings module. | |||
| CVE-2025-25742 | 0.00 | — | 0.01 | Feb 12, 2025 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the AccountPassword parameter in the SetSysEmailSettings module. | |||
| CVE-2025-25746 | 0.00 | — | 0.01 | Feb 12, 2025 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetWanSettings module. | |||
| CVE-2025-25743 | 0.00 | — | 0.02 | Feb 12, 2025 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command injection vulnerability in the SetVirtualServerSettings module. | |||
| CVE-2025-25741 | 0.00 | — | 0.00 | Feb 12, 2025 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the IPv6_PppoePassword parameter in the SetIPv6PppoeSettings module. | |||
| CVE-2025-25744 | 0.00 | — | 0.01 | Feb 12, 2025 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetDynamicDNSSettings module. | |||
| CVE-2025-1104 | 0.00 | — | 0.03 | Feb 7, 2025 | A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may… | |||
| CVE-2024-56914 | 0.00 | — | 0.00 | Jan 22, 2025 | D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp. | |||
| CVE-2024-57683 | 0.00 | — | 0.01 | Jan 16, 2025 | An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the filter settings of the device via a crafted POST request. | |||
| CVE-2024-57684 | 0.00 | — | 0.14 | Jan 16, 2025 | An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request. | |||
| CVE-2024-57676 | 0.00 | — | 0.00 | Jan 16, 2025 | An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request. | |||
| CVE-2024-57677 | 0.00 | — | 0.01 | Jan 16, 2025 | An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request. | |||
| CVE-2024-57681 | 0.00 | — | 0.00 | Jan 16, 2025 | An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the agl service of the device via a crafted POST request. | |||
| CVE-2024-57678 | 0.00 | — | 0.00 | Jan 16, 2025 | An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a crafted POST request. | |||
| CVE-2024-57680 | 0.00 | — | 0.00 | Jan 16, 2025 | An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request. | |||
| CVE-2024-57682 | 0.00 | — | 0.00 | Jan 16, 2025 | An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request. | |||
| CVE-2024-57679 | 0.00 | — | 0.01 | Jan 16, 2025 | An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a crafted POST request. | |||
| CVE-2025-0492 | 0.00 | — | 0.02 | Jan 15, 2025 | A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Affected by this vulnerability is the function FUN_00412244. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the… | |||
| CVE-2025-0481 | 0.00 | — | 0.01 | Jan 15, 2025 | A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The… | |||
| CVE-2024-13108 | 0.00 | — | 0.01 | Jan 2, 2025 | A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been declared as critical. This vulnerability affects unknown code of the file /goform/form2NetSniper.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The… | |||
| CVE-2024-13107 | 0.00 | — | 0.01 | Jan 2, 2025 | A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible… | |||
| CVE-2024-13106 | 0.00 | — | 0.27 | Jan 2, 2025 | A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/form2IPQoSTcAdd of the component IP QoS Handler. The manipulation leads to improper access controls. The… | |||
| CVE-2024-13105 | 0.00 | — | 0.01 | Jan 2, 2025 | A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access… | |||
| CVE-2024-13104 | 0.00 | — | 0.01 | Jan 2, 2025 | A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation leads to improper access controls. It is… | |||
| CVE-2024-13103 | 0.00 | — | 0.01 | Jan 2, 2025 | A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access… | |||
| CVE-2024-13102 | 0.00 | — | 0.01 | Jan 2, 2025 | A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This vulnerability affects unknown code of the file /goform/DDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack can be initiated remotely.… | |||
| CVE-2024-13030 | 0.00 | — | 0.02 | Dec 30, 2024 | A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/… | |||
| CVE-2024-36832 | 0.00 | — | 0.00 | Dec 17, 2024 | A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in the /bin/webs binary of the firmware. When /bin/webs receives a carefully… | |||
| CVE-2024-36831 | 0.00 | — | 0.01 | Dec 17, 2024 | A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication. | |||
| CVE-2024-37605 | 0.00 | — | 0.01 | Dec 17, 2024 | A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||
| CVE-2024-37607 | 0.00 | — | 0.01 | Dec 17, 2024 | A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||
| CVE-2024-37606 | 0.00 | — | 0.00 | Dec 17, 2024 | A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||
| CVE-2024-11960 | 0.00 | — | 0.02 | Nov 28, 2024 | A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated… | |||
| CVE-2024-11959 | 0.00 | — | 0.02 | Nov 28, 2024 | A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack… | |||
| CVE-2024-52755 | 0.00 | — | 0.01 | Nov 20, 2024 | D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function. | |||
| CVE-2024-52754 | 0.00 | — | 0.01 | Nov 20, 2024 | D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. | |||
| CVE-2024-52739 | 0.00 | — | 0.09 | Nov 20, 2024 | D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters. | |||
| CVE-2024-52757 | 0.00 | — | 0.01 | Nov 20, 2024 | D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function. | |||
| CVE-2024-52759 | 0.00 | — | 0.06 | Nov 19, 2024 | D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. | |||
| CVE-2024-52711 | 0.00 | — | 0.01 | Nov 19, 2024 | DI-8100 v16.07.26A1 is vulnerable to Buffer Overflow In the ip_position_asp function via the ip parameter. | |||
| CVE-2024-28730 | 0.00 | — | 0.00 | Nov 12, 2024 | Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module. | |||
| CVE-2024-28729 | 0.00 | — | 0.01 | Nov 12, 2024 | An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. | |||
| CVE-2024-28731 | 0.00 | — | 0.00 | Nov 12, 2024 | Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option. | |||
| CVE-2024-11068 | 0.00 | — | 0.01 | Nov 11, 2024 | The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account. | |||
| CVE-2024-11067 | 0.00 | — | 0.01 | Nov 11, 2024 | The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the… |
- CVE-2025-25896Feb 18, 2025risk 0.00cvss —epss 0.00
A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the destination, netmask, and gateway parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
- CVE-2025-25892Feb 18, 2025risk 0.00cvss —epss 0.00
A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the sstartip, sendip, dstartip, and dendip parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
- CVE-2025-25895Feb 18, 2025risk 0.00cvss —epss 0.01
An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the public_type parameter. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet.
- CVE-2025-1392Feb 17, 2025risk 0.00cvss —epss 0.07
A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic. The manipulation of the argument SSID leads…
- CVE-2025-25745Feb 14, 2025risk 0.00cvss —epss 0.01
D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetQuickVPNSettings module.
- CVE-2025-25740Feb 14, 2025risk 0.00cvss —epss 0.00
D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the PSK parameter in the SetQuickVPNSettings module.
- CVE-2025-25742Feb 12, 2025risk 0.00cvss —epss 0.01
D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the AccountPassword parameter in the SetSysEmailSettings module.
- CVE-2025-25746Feb 12, 2025risk 0.00cvss —epss 0.01
D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetWanSettings module.
- CVE-2025-25743Feb 12, 2025risk 0.00cvss —epss 0.02
D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command injection vulnerability in the SetVirtualServerSettings module.
- CVE-2025-25741Feb 12, 2025risk 0.00cvss —epss 0.00
D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the IPv6_PppoePassword parameter in the SetIPv6PppoeSettings module.
- CVE-2025-25744Feb 12, 2025risk 0.00cvss —epss 0.01
D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetDynamicDNSSettings module.
- CVE-2025-1104Feb 7, 2025risk 0.00cvss —epss 0.03
A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may…
- CVE-2024-56914Jan 22, 2025risk 0.00cvss —epss 0.00
D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp.
- CVE-2024-57683Jan 16, 2025risk 0.00cvss —epss 0.01
An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the filter settings of the device via a crafted POST request.
- CVE-2024-57684Jan 16, 2025risk 0.00cvss —epss 0.14
An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request.
- CVE-2024-57676Jan 16, 2025risk 0.00cvss —epss 0.00
An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request.
- CVE-2024-57677Jan 16, 2025risk 0.00cvss —epss 0.01
An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request.
- CVE-2024-57681Jan 16, 2025risk 0.00cvss —epss 0.00
An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the agl service of the device via a crafted POST request.
- CVE-2024-57678Jan 16, 2025risk 0.00cvss —epss 0.00
An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a crafted POST request.
- CVE-2024-57680Jan 16, 2025risk 0.00cvss —epss 0.00
An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request.
- CVE-2024-57682Jan 16, 2025risk 0.00cvss —epss 0.00
An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request.
- CVE-2024-57679Jan 16, 2025risk 0.00cvss —epss 0.01
An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a crafted POST request.
- CVE-2025-0492Jan 15, 2025risk 0.00cvss —epss 0.02
A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Affected by this vulnerability is the function FUN_00412244. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the…
- CVE-2025-0481Jan 15, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The…
- CVE-2024-13108Jan 2, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been declared as critical. This vulnerability affects unknown code of the file /goform/form2NetSniper.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The…
- CVE-2024-13107Jan 2, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible…
- CVE-2024-13106Jan 2, 2025risk 0.00cvss —epss 0.27
A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/form2IPQoSTcAdd of the component IP QoS Handler. The manipulation leads to improper access controls. The…
- CVE-2024-13105Jan 2, 2025risk 0.00cvss —epss 0.01
A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access…
- CVE-2024-13104Jan 2, 2025risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation leads to improper access controls. It is…
- CVE-2024-13103Jan 2, 2025risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access…
- CVE-2024-13102Jan 2, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This vulnerability affects unknown code of the file /goform/DDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack can be initiated remotely.…
- CVE-2024-13030Dec 30, 2024risk 0.00cvss —epss 0.02
A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/…
- CVE-2024-36832Dec 17, 2024risk 0.00cvss —epss 0.00
A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in the /bin/webs binary of the firmware. When /bin/webs receives a carefully…
- CVE-2024-36831Dec 17, 2024risk 0.00cvss —epss 0.01
A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication.
- CVE-2024-37605Dec 17, 2024risk 0.00cvss —epss 0.01
A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
- CVE-2024-37607Dec 17, 2024risk 0.00cvss —epss 0.01
A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
- CVE-2024-37606Dec 17, 2024risk 0.00cvss —epss 0.00
A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
- CVE-2024-11960Nov 28, 2024risk 0.00cvss —epss 0.02
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated…
- CVE-2024-11959Nov 28, 2024risk 0.00cvss —epss 0.02
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack…
- CVE-2024-52755Nov 20, 2024risk 0.00cvss —epss 0.01
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function.
- CVE-2024-52754Nov 20, 2024risk 0.00cvss —epss 0.01
D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function.
- CVE-2024-52739Nov 20, 2024risk 0.00cvss —epss 0.09
D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters.
- CVE-2024-52757Nov 20, 2024risk 0.00cvss —epss 0.01
D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function.
- CVE-2024-52759Nov 19, 2024risk 0.00cvss —epss 0.06
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function.
- CVE-2024-52711Nov 19, 2024risk 0.00cvss —epss 0.01
DI-8100 v16.07.26A1 is vulnerable to Buffer Overflow In the ip_position_asp function via the ip parameter.
- CVE-2024-28730Nov 12, 2024risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module.
- CVE-2024-28729Nov 12, 2024risk 0.00cvss —epss 0.01
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request.
- CVE-2024-28731Nov 12, 2024risk 0.00cvss —epss 0.00
Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option.
- CVE-2024-11068Nov 11, 2024risk 0.00cvss —epss 0.01
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.
- CVE-2024-11067Nov 11, 2024risk 0.00cvss —epss 0.01
The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the…
Page 20 of 37