VYPR

Vendor CVEs

Dlink

All CVEs

1,843 total · sorted by risk
  • CVE-2020-15894Jul 22, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin…

  • CVE-2020-15896Jul 22, 2020
    risk 0.00cvss epss 0.02

    An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of checking the value of NO_NEED_AUTH. If the…

  • CVE-2020-12774Jul 22, 2020
    risk 0.00cvss epss 0.00

    D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command.

  • CVE-2020-13150Jun 15, 2020
    risk 0.00cvss epss 0.00

    D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active.

  • CVE-2020-13960Jun 8, 2020
    risk 0.00cvss epss 0.01

    D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would…

  • CVE-2020-13783Jun 3, 2020
    risk 0.00cvss epss 0.01

    D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.

  • CVE-2020-13784Jun 3, 2020
    risk 0.00cvss epss 0.01

    D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.

  • CVE-2020-13785Jun 3, 2020
    risk 0.00cvss epss 0.01

    D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.

  • CVE-2020-13786Jun 3, 2020
    risk 0.00cvss epss 0.01

    D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.

  • CVE-2020-13787Jun 3, 2020
    risk 0.00cvss epss 0.01

    D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.

  • CVE-2020-13135May 18, 2020
    risk 0.00cvss epss 0.01

    D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy.

  • CVE-2020-13136May 18, 2020
    risk 0.00cvss epss 0.01

    D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer.

  • CVE-2019-18666May 15, 2020
    risk 0.00cvss epss 0.03

    An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through…

  • CVE-2020-9279Apr 20, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device.

  • CVE-2020-9278Apr 20, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL.

  • CVE-2020-9277Apr 20, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password) with no authentication.

  • CVE-2020-9276Apr 20, 2020
    risk 0.00cvss epss 0.03

    An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The function do_cgi(), which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is possible by combining…

  • CVE-2020-9275Apr 20, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm UDP service listening on port 65002 allows remote, unauthenticated exfiltration of administrative credentials.

  • CVE-2020-6765Apr 10, 2020
    risk 0.00cvss epss 0.01

    D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS commands by placing shell metacharacters after a supported CLI command, as demonstrated by ping -c1 127.0.0.1; cat/etc/passwd. The CLI is reachable by TELNET.

  • CVE-2020-8863Mar 23, 2020
    risk 0.00cvss epss 0.77

    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the…

  • CVE-2019-12767Mar 21, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands.

  • CVE-2019-15656Mar 19, 2020
    risk 0.00cvss epss 0.01

    D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables.

  • CVE-2019-15655Mar 19, 2020
    risk 0.00cvss epss 0.01

    D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext.

  • CVE-2020-10214Mar 7, 2020
    risk 0.00cvss epss 0.18

    An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server.

  • CVE-2020-10215Mar 7, 2020
    risk 0.00cvss epss 0.06

    An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.

  • CVE-2020-10216Mar 7, 2020
    risk 0.00cvss epss 0.06

    An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.

  • CVE-2020-10213Mar 7, 2020
    risk 0.00cvss epss 0.05

    An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.

  • CVE-2020-9544Mar 5, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The administrative interface doesn't perform authentication checks for a firmware-update POST request. Any attacker that can access the administrative interface can install firmware of their choice.

  • CVE-2019-19226Mar 4, 2020
    risk 0.00cvss epss 0.03

    A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin…

  • CVE-2019-19225Mar 4, 2020
    risk 0.00cvss epss 0.03

    A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request.

  • CVE-2019-19224Mar 4, 2020
    risk 0.00cvss epss 0.03

    A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface.

  • CVE-2019-19223Mar 4, 2020
    risk 0.00cvss epss 0.04

    A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface.

  • CVE-2019-19222Mar 4, 2020
    risk 0.00cvss epss 0.02

    A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request.

  • CVE-2020-9534Mar 1, 2020
    risk 0.00cvss epss 0.02

    fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup webpage parameter when f_radius_ip1 is malformed.

  • CVE-2020-9535Mar 1, 2020
    risk 0.00cvss epss 0.02

    fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup_Wizard webpage parameter when f_radius_ip1 is malformed.

  • CVE-2020-8862Feb 22, 2020
    risk 0.00cvss epss 0.13

    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The…

  • CVE-2020-8861Feb 22, 2020
    risk 0.00cvss epss 0.07

    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login…

  • CVE-2020-6842Feb 21, 2020
    risk 0.00cvss epss 0.02

    D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name.

  • CVE-2020-6841Feb 21, 2020
    risk 0.00cvss epss 0.03

    D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter.

  • CVE-2020-8962Feb 13, 2020
    risk 0.00cvss epss 0.02

    A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint.

  • CVE-2013-3096Feb 7, 2020
    risk 0.00cvss epss 0.01

    D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability.

  • CVE-2019-20217Jan 29, 2020
    risk 0.00cvss epss 0.04

    D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function,…

  • CVE-2019-20216Jan 29, 2020
    risk 0.00cvss epss 0.04

    D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function,…

  • CVE-2012-6613Jan 25, 2020
    risk 0.00cvss epss 0.02

    D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.

  • CVE-2019-20213Jan 2, 2020
    risk 0.00cvss epss 0.02

    D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.

  • CVE-2018-7859Dec 30, 2019
    risk 0.00cvss epss 0.01

    A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older that may allow a remote attacker to inject malicious scripts in the device and execute commands via browser that is configuring the unit.

  • CVE-2019-16327Dec 26, 2019
    risk 0.00cvss epss 0.02

    D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this is an end-of-life product.

  • CVE-2019-16326Dec 26, 2019
    risk 0.00cvss epss 0.01

    D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. A remote attacker could exploit this in conjunction with CVE-2019-16327 to enable remote router management and device compromise. NOTE: this is an end-of-life product.

  • CVE-2019-6014Dec 26, 2019
    risk 0.00cvss epss 0.01

    DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface.

  • CVE-2019-6013Dec 26, 2019
    risk 0.00cvss epss 0.01

    DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).

Page 34 of 37