VYPR

Vendor CVEs

Dlink

All CVEs

1,843 total · sorted by risk
  • CVE-2024-41610Jul 30, 2024
    risk 0.00cvss epss 0.01

    D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded credentials in the Telnet service, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands.

  • CVE-2024-41611Jul 30, 2024
    risk 0.00cvss epss 0.01

    In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded credentials, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands.

  • CVE-2024-38438Jul 21, 2024
    risk 0.00cvss epss 0.01

    D-Link - CWE-294: Authentication Bypass by Capture-replay

  • CVE-2024-38437Jul 21, 2024
    risk 0.00cvss epss 0.01

    D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel

  • CVE-2024-40505Jul 16, 2024
    risk 0.00cvss epss 0.00

    Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component.

  • CVE-2024-39202Jul 8, 2024
    risk 0.00cvss epss 0.01

    D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings.

  • CVE-2024-6525Jul 5, 2024
    risk 0.00cvss epss 0.03

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to deserialization. The…

  • CVE-2024-36755Jun 27, 2024
    risk 0.00cvss epss 0.00

    D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack.

  • CVE-2024-37630Jun 13, 2024
    risk 0.00cvss epss 0.00

    D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root.

  • CVE-2023-30309May 28, 2024
    risk 0.00cvss epss 0.00

    An issue discovered in D-Link DI-7003GV2 routers allows attackers to hijack TCP sessions which could lead to a denial of service.

  • CVE-2024-5299May 23, 2024
    risk 0.00cvss epss 0.02

    D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the…

  • CVE-2024-5298May 23, 2024
    risk 0.00cvss epss 0.02

    D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this…

  • CVE-2024-5297May 23, 2024
    risk 0.00cvss epss 0.02

    D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing…

  • CVE-2024-5296May 23, 2024
    risk 0.00cvss epss 0.01

    D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw…

  • CVE-2024-5295May 23, 2024
    risk 0.00cvss epss 0.02

    D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. …

  • CVE-2024-5294May 23, 2024
    risk 0.00cvss epss 0.00

    D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit…

  • CVE-2024-5293May 23, 2024
    risk 0.00cvss epss 0.02

    D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this…

  • CVE-2024-5292May 23, 2024
    risk 0.00cvss epss 0.01

    D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute…

  • CVE-2024-5291May 23, 2024
    risk 0.00cvss epss 0.02

    D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this…

  • CVE-2024-4965May 16, 2024
    risk 0.00cvss epss 0.03

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php. The manipulation of the argument load leads to os command injection. The…

  • CVE-2024-4964May 16, 2024
    risk 0.00cvss epss 0.02

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This vulnerability affects unknown code of the file /firewall/urlblist.php. The manipulation of the argument file leads to unrestricted upload. The…

  • CVE-2024-4963May 16, 2024
    risk 0.00cvss epss 0.03

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. This affects an unknown part of the file /url/url.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to…

  • CVE-2024-4962May 16, 2024
    risk 0.00cvss epss 0.02

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000-40 V31R02B1413C. Affected by this issue is some unknown functionality of the file /useratte/resmanage.php. The manipulation of the argument file leads to…

  • CVE-2024-4961May 16, 2024
    risk 0.00cvss epss 0.02

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-7000-40 V31R02B1413C. Affected by this vulnerability is an unknown functionality of the file /user/onlineuser.php. The manipulation of the argument file_upload leads to unrestricted…

  • CVE-2024-4960May 16, 2024
    risk 0.00cvss epss 0.02

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000-40 V31R02B1413C. Affected is an unknown function of the file interface/sysmanage/licenseauthorization.php. The manipulation of the argument file_upload leads to unrestricted…

  • CVE-2024-33774May 10, 2024
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage."

  • CVE-2024-33773May 10, 2024
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanGuestSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage."

  • CVE-2024-33772May 10, 2024
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formTcpipSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "curTime."

  • CVE-2024-33771May 10, 2024
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via goform/formWPS, allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage."

  • CVE-2024-4699May 10, 2024
    risk 0.00cvss epss 0.06

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230922. This issue affects some unknown processing of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. The…

  • CVE-2023-37325May 7, 2024
    risk 0.00cvss epss 0.00

    D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this…

  • CVE-2023-35757May 7, 2024
    risk 0.00cvss epss 0.01

    D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to…

  • CVE-2023-35749May 7, 2024
    risk 0.00cvss epss 0.01

    D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to…

  • CVE-2023-35748May 7, 2024
    risk 0.00cvss epss 0.01

    D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not…

  • CVE-2024-33112May 6, 2024
    risk 0.00cvss epss 0.06

    D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func.

  • CVE-2024-33111May 6, 2024
    risk 0.00cvss epss 0.01

    D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php.

  • CVE-2024-33110May 6, 2024
    risk 0.00cvss epss 0.01

    D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component.

  • CVE-2023-51629May 3, 2024
    risk 0.00cvss epss 0.04

    D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. …

  • CVE-2023-51628May 3, 2024
    risk 0.00cvss epss 0.01

    D-Link DCS-8300LHV2 ONVIF SetHostName Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required…

  • CVE-2023-51627May 3, 2024
    risk 0.00cvss epss 0.01

    D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to…

  • CVE-2023-51626May 3, 2024
    risk 0.00cvss epss 0.01

    D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Username Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras.…

  • CVE-2023-51625May 3, 2024
    risk 0.00cvss epss 0.02

    D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required…

  • CVE-2023-51624May 3, 2024
    risk 0.00cvss epss 0.01

    D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Nonce Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication…

  • CVE-2023-51623May 3, 2024
    risk 0.00cvss epss 0.01

    D-Link DIR-X3260 prog.cgi SetAPClientSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to…

  • CVE-2023-51622May 3, 2024
    risk 0.00cvss epss 0.01

    D-Link DIR-X3260 prog.cgi SetTriggerPPPoEValidate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to…

  • CVE-2023-51621May 3, 2024
    risk 0.00cvss epss 0.01

    D-Link DIR-X3260 prog.cgi SetDeviceSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to…

  • CVE-2023-51620May 3, 2024
    risk 0.00cvss epss 0.01

    D-Link DIR-X3260 prog.cgi SetIPv6PppoeSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to…

  • CVE-2023-51619May 3, 2024
    risk 0.00cvss epss 0.01

    D-Link DIR-X3260 prog.cgi SetMyDLinkRegistration Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to…

  • CVE-2023-51618May 3, 2024
    risk 0.00cvss epss 0.01

    D-Link DIR-X3260 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to…

  • CVE-2023-51617May 3, 2024
    risk 0.00cvss epss 0.01

    D-Link DIR-X3260 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit…

Page 23 of 37