Vendor CVEs
Dlink
All CVEs
1,843 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-12787 | | | 0.00 | — | 0.03 | | Jun 10, 2019 | An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key. |
| CVE-2019-12786 | | | 0.00 | — | 0.03 | | Jun 10, 2019 | An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key. |
| CVE-2018-17990 | | | 0.00 | — | 0.04 | | Apr 1, 2019 | An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the ScrIPaddrEndTXT parameter. |
| CVE-2018-17989 | | | 0.00 | — | 0.01 | | Apr 1, 2019 | A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when… |
| CVE-2019-10042 | | | 0.00 | — | 0.02 | | Mar 25, 2019 | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication. |
| CVE-2019-10041 | | | 0.00 | — | 0.02 | | Mar 25, 2019 | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication. |
| CVE-2019-10040 | | | 0.00 | — | 0.03 | | Mar 25, 2019 | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication. |
| CVE-2019-10039 | | | 0.00 | — | 0.02 | | Mar 25, 2019 | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication. |
| CVE-2019-9125 | | | 0.00 | — | 0.03 | | Feb 25, 2019 | An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header. |
| CVE-2019-9122 | | | 0.00 | — | 0.24 | | Feb 25, 2019 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntp_server parameter in an ntp_sync.cgi POST request. |
| CVE-2019-9124 | | | 0.00 | — | 0.02 | | Feb 25, 2019 | An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in with a blank password. |
| CVE-2019-9123 | | | 0.00 | — | 0.02 | | Feb 25, 2019 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password. |
| CVE-2019-9126 | | | 0.00 | — | 0.02 | | Feb 25, 2019 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vulnerability via requests for the router_info.xml document. This will reveal the PIN code, MAC address, routing table, firmware version, update time, QOS information, LAN… |
| CVE-2019-8392 | | | 0.00 | — | 0.02 | | Feb 17, 2019 | An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead. |
| CVE-2019-8316 | | | 0.00 | — | 0.07 | | Feb 13, 2019 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted… |
| CVE-2019-8312 | | | 0.00 | — | 0.07 | | Feb 13, 2019 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted… |
| CVE-2019-8317 | | | 0.00 | — | 0.06 | | Feb 13, 2019 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted… |
| CVE-2019-8313 | | | 0.00 | — | 0.06 | | Feb 13, 2019 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted… |
| CVE-2019-8318 | | | 0.00 | — | 0.06 | | Feb 13, 2019 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted… |
| CVE-2019-8319 | | | 0.00 | — | 0.08 | | Feb 13, 2019 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted… |
| CVE-2019-8315 | | | 0.00 | — | 0.06 | | Feb 13, 2019 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted… |
| CVE-2019-8314 | | | 0.00 | — | 0.06 | | Feb 13, 2019 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted… |
| CVE-2019-7736 | | | 0.00 | — | 0.03 | | Feb 11, 2019 | D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. NOTE: this may overlap CVE-2019-13101. |
| CVE-2019-7388 | | | 0.00 | — | 0.03 | | Feb 5, 2019 | An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an… |
| CVE-2019-7390 | | | 0.00 | — | 0.02 | | Feb 5, 2019 | An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API. |
| CVE-2019-7389 | | | 0.00 | — | 0.03 | | Feb 5, 2019 | An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a… |
| CVE-2018-15516 | | | 0.00 | — | 0.02 | | Jan 31, 2019 | The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF. |
| CVE-2018-15515 | | | 0.00 | — | 0.02 | | Jan 31, 2019 | The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges. |
| CVE-2018-20674 | | | 0.00 | — | 0.03 | | Jan 9, 2019 | D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution. |
| CVE-2018-20675 | | | 0.00 | — | 0.02 | | Jan 9, 2019 | D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. |
| CVE-2018-20445 | | | 0.00 | — | 0.02 | | Dec 25, 2018 | D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests. |
| CVE-2018-20389 | | | 0.00 | — | 0.02 | | Dec 23, 2018 | D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-18009 | | | 0.00 | — | 0.03 | | Dec 21, 2018 | dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials. |
| CVE-2018-18007 | | | 0.00 | — | 0.02 | | Dec 21, 2018 | atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials. |
| CVE-2018-18442 | | | 0.00 | — | 0.01 | | Dec 20, 2018 | D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified… |
| CVE-2018-18441 | | | 0.00 | — | 0.02 | | Dec 20, 2018 | D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1,… |
| CVE-2018-18767 | | | 0.00 | — | 0.01 | | Dec 20, 2018 | An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and… |
| CVE-2018-17777 | | | 0.00 | — | 0.02 | | Dec 18, 2018 | An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have… |
| CVE-2018-18636 | | | 0.00 | — | 0.01 | | Oct 24, 2018 | XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter. |
| CVE-2015-2052 | | | 0.00 | — | 0.05 | | Feb 23, 2015 | Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface. |
| CVE-2015-2050 | | | 0.00 | — | 0.03 | | Feb 23, 2015 | D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands via unspecified vectors. |
| CVE-2015-2048 | | | 0.00 | — | 0.01 | | Feb 23, 2015 | Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2014-10028 | | | 0.00 | — | 0.01 | | Jan 13, 2015 | Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41. |
| CVE-2014-10027 | | | 0.00 | — | 0.01 | | Jan 13, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the… |
| CVE-2014-10026 | | | 0.00 | — | 0.02 | | Jan 13, 2015 | index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin. |
| CVE-2014-10025 | | | 0.00 | — | 0.01 | | Jan 13, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point,… |
| CVE-2014-9518 | | | 0.00 | — | 0.01 | | Jan 5, 2015 | Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter. |
| CVE-2014-9517 | | | 0.00 | — | 0.02 | | Jan 5, 2015 | Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm. |
| CVE-2014-9238 | | | 0.00 | — | 0.02 | | Dec 3, 2014 | D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character. |
| CVE-2014-9234 | | | 0.00 | — | 0.03 | | Dec 3, 2014 | Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |