Dlink

All CVEs

1,843 total · sorted by risk
  • CVE-2022-27292 · Apr 10, 2022
    risk 0.00 · cvss · epss 0.01

    D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. This vulnerability allows attackers to cause a Denial of Service (DoS) via the nextPage parameter.

  • CVE-2022-27293 · Apr 10, 2022
    risk 0.00 · cvss · epss 0.03

    D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.

  • CVE-2022-27294 · Apr 10, 2022
    risk 0.00 · cvss · epss 0.01

    D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.

  • CVE-2022-27295 · Apr 10, 2022
    risk 0.00 · cvss · epss 0.01

    D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.

  • CVE-2021-43474 · Apr 7, 2022
    risk 0.00 · cvss · epss 0.03

    An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Latest) via any parameter in the HNAP1 function.

  • CVE-2022-26670 · Apr 7, 2022
    risk 0.00 · cvss · epss 0.02

    D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform a command injection attack to execute arbitrary system commands to control the system or disrupt service.

  • CVE-2021-43722 · Mar 31, 2022
    risk 0.00 · cvss · epss 0.03

    D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size.

  • CVE-2021-31326 · Mar 23, 2022
    risk 0.00 · cvss · epss 0.02

    D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi.

  • CVE-2021-46353 · Mar 4, 2022
    risk 0.00 · cvss · epss 0.02

    An information disclosure in the web interface of D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application.

  • CVE-2022-25106 · Mar 4, 2022
    risk 0.00 · cvss · epss 0.09

    D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

  • CVE-2021-46108 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.01

    D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration.

  • CVE-2021-41445 · Feb 10, 2022
    risk 0.00 · cvss · epss 0.02

    A reflected cross-site-scripting attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute code in the device of the victim by sending a specific URL to the unauthenticated victim.

  • CVE-2021-41442 · Feb 9, 2022
    risk 0.00 · cvss · epss 0.05

    An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to DoS the web application by sending a specific HTTP packet.

  • CVE-2021-41441 · Feb 9, 2022
    risk 0.00 · cvss · epss 0.02

    A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router by sending a specially crafted URL to an authenticated victim. The authenticated victim needs to visit this URL for the router to reboot.

  • CVE-2021-45998 · Feb 4, 2022
    risk 0.00 · cvss · epss 0.04

    D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.

  • CVE-2021-46226 · Feb 4, 2022
    risk 0.00 · cvss · epss 0.04

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter.

  • CVE-2021-46228 · Feb 4, 2022
    risk 0.00 · cvss · epss 0.04

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter.

  • CVE-2021-46229 · Feb 4, 2022
    risk 0.00 · cvss · epss 0.04

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter.

  • CVE-2021-46230 · Feb 4, 2022
    risk 0.00 · cvss · epss 0.04

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters.

  • CVE-2021-46231 · Feb 4, 2022
    risk 0.00 · cvss · epss 0.04

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. This vulnerability allows attackers to execute arbitrary commands via the url_en parameter.

  • CVE-2021-46233 · Feb 4, 2022
    risk 0.00 · cvss · epss 0.04

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter.

  • CVE-2021-46232 · Feb 4, 2022
    risk 0.00 · cvss · epss 0.04

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter.

  • CVE-2021-46452 · Feb 4, 2022
    risk 0.00 · cvss · epss 0.04

    D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomography_ping_address, tomography_ping_number,…

  • CVE-2021-46453 · Feb 4, 2022
    risk 0.00 · cvss · epss 0.04

    D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. This vulnerability allows attackers to execute arbitrary commands via the staticroute_list parameter.

  • CVE-2021-46455 · Feb 4, 2022
    risk 0.00 · cvss · epss 0.04

    D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerability allows attackers to execute arbitrary commands via the station_access_enable parameter.

  • CVE-2021-46456 · Feb 4, 2022
    risk 0.00 · cvss · epss 0.04

    D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanACLSettings. This vulnerability allows attackers to execute arbitrary commands via the wl(0).(0)_maclist parameter.

  • CVE-2021-46457 · Feb 4, 2022
    risk 0.00 · cvss · epss 0.04

    D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function ChgSambaUserSettings. This vulnerability allows attackers to execute arbitrary commands via the samba_name parameter.

  • CVE-2021-20134 · Dec 30, 2021
    risk 0.00 · cvss · epss 0.08

    Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service (zebra…

  • CVE-2021-20133 · Dec 30, 2021
    risk 0.00 · cvss · epss 0.02

    Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of the day" banner to any file on the system, allowing them to read all or some of…

  • CVE-2021-20132 · Dec 30, 2021
    risk 0.00 · cvss · epss 0.04

    Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd services. Both are running with root privileges on the router (i.e., as the…

  • CVE-2021-33265 · Dec 1, 2021
    risk 0.00 · cvss · epss 0.14

    D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.

  • CVE-2021-33266 · Dec 1, 2021
    risk 0.00 · cvss · epss 0.17

    D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST request.

  • CVE-2021-33267 · Dec 1, 2021
    risk 0.00 · cvss · epss 0.04

    D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST request.

  • CVE-2021-33268 · Dec 1, 2021
    risk 0.00 · cvss · epss 0.04

    D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerability is triggered via a crafted POST request.

  • CVE-2021-33269 · Dec 1, 2021
    risk 0.00 · cvss · epss 0.04

    D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vulnerability is triggered via a crafted POST request.

  • CVE-2021-33271 · Dec 1, 2021
    risk 0.00 · cvss · epss 0.04

    D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.

  • CVE-2021-33270 · Dec 1, 2021
    risk 0.00 · cvss · epss 0.04

    D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request.

  • CVE-2021-33274 · Dec 1, 2021
    risk 0.00 · cvss · epss 0.04

    D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request.

  • CVE-2021-42783 · Nov 23, 2021
    risk 0.00 · cvss · epss 0.04

    Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions.

  • CVE-2021-42784 · Nov 23, 2021
    risk 0.00 · cvss · epss 0.07

    OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request.

  • CVE-2020-25366 · Nov 4, 2021
    risk 0.00 · cvss · epss 0.03

    An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.

  • CVE-2021-33259 · Oct 31, 2021
    risk 0.00 · cvss · epss 0.02

    Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing attackers to obtain users' DNS query history.

  • CVE-2021-34863 · Oct 25, 2021
    risk 0.00 · cvss · epss 0.01

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:page parameter…

  • CVE-2021-34862 · Oct 25, 2021
    risk 0.00 · cvss · epss 0.01

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter…

  • CVE-2021-34861 · Oct 25, 2021
    risk 0.00 · cvss · epss 0.01

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP…

  • CVE-2021-41753 · Sep 27, 2021
    risk 0.00 · cvss · epss 0.05

    A denial-of-service attack in the WPA2 and WPA3-SAE authentication methods in D-Link DIR-X1560 v1.04B04 and DIR-X6060 v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client by sending specific spoofed SAE authentication frames.

  • CVE-2021-40654 · Sep 24, 2021
    risk 0.00 · cvss · epss 0.02

    An information disclosure issue exists in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a POST request to the / getcfg.php page.

  • CVE-2021-41504 · Sep 24, 2021
    risk 0.00 · cvss · epss 0.00

    An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of digest authentication for the devices' command interface may allow further attack vectors that may compromise the cameras' configuration and allow malicious users on the LAN…

  • CVE-2021-41503 · Sep 24, 2021
    risk 0.00 · cvss · epss 0.00

    DCS-5000L v1.05 and DCS-932L v2.17 and older are affected by Incorrect Access Control. The use of basic authentication for the devices' command interface allows attack vectors that may compromise the cameras' configuration and allow malicious users on the LAN to access the…

  • CVE-2021-21913 · Sep 23, 2021
    risk 0.00 · cvss · epss 0.02

    An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability.
