VYPR

Vendor CVEs

Dlink

All CVEs

1,843 total · sorted by risk
  • CVE-2026-7069HigApr 27, 2026
    risk 0.52cvss 8.0epss 0.01

    A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be…

  • CVE-2024-28726HigNov 12, 2024
    risk 0.52cvss 8.0epss 0.08

    An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function.

  • CVE-2017-14428HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.00

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions.

  • CVE-2017-14427HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.00

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.

  • CVE-2017-14426HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.00

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions.

  • CVE-2017-14425HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.00

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions.

  • CVE-2017-14424HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.00

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.

  • CVE-2018-25358HigMay 23, 2026
    risk 0.49cvss 7.5epss 0.01

    D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like…

  • CVE-2026-6947HigApr 24, 2026
    risk 0.49cvss 7.5epss 0.00

    DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device.

  • CVE-2025-50673HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the http_lanport parameter in the /webgl.asp endpoint.

  • CVE-2025-50672HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /yyxz_dlink.asp endpoint.

  • CVE-2025-50671HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_ref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en,…

  • CVE-2025-50670HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_bwr.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in the name, qq, and time parameters.

  • CVE-2025-50669HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of the wan_ping parameter in the /wan_ping.asp endpoint.

  • CVE-2025-50668HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the s parameter in the /web_list_opt.asp endpoint.

  • CVE-2025-50667HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the iface parameter in the /wan_line_detection.asp endpoint.

  • CVE-2025-50666HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /web_post.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, user_id, log, and…

  • CVE-2025-50665HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /web_keyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, mem_gb2312, and mem_utf8…

  • CVE-2025-50664HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user_group.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr.

  • CVE-2025-50663HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint.

  • CVE-2025-50662HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_group.asp endpoint.

  • CVE-2025-50661HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /url_rule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri,…

  • CVE-2025-50660HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_member.asp endpoint.

  • CVE-2025-50659HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the custom_error parameter in the /user.asp endpoint.

  • CVE-2025-50657HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint.

  • CVE-2025-50655HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thd_group.asp endpoint.

  • CVE-2025-50654HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thd_member.asp endpoint.

  • CVE-2025-50653HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem parameters in the /time_group.asp endpoint.

  • CVE-2025-50652HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /saveparm_usb.asp endpoint.

  • CVE-2025-50650HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes_static parameter in the /router.asp endpoint.

  • CVE-2025-50649HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlan_name parameter in the /shut_set.asp endpoint.

  • CVE-2025-50648HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint.

  • CVE-2025-50647HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specifically in the handling of the wans parameter in the qos.asp endpoint.

  • CVE-2025-50646HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qos_type_asp.asp endpoint.

  • CVE-2025-50645HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe_list_opt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter, an attacker can trigger…

  • CVE-2025-50644HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of user input in the qj.asp endpoint.

  • CVE-2025-52222HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rd_en, rd_auth,…

  • CVE-2025-45059HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2025-45058HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2025-45057HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2018-14080HigOct 9, 2018
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file.

  • CVE-2018-17880HigOct 3, 2018
    risk 0.49cvss 7.5epss 0.02

    On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot.

  • CVE-2015-0153HigApr 12, 2018
    risk 0.49cvss 7.5epss 0.02

    D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key.

  • CVE-2017-17065HigNov 30, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently…

  • CVE-2017-14430HigSep 13, 2017
    risk 0.49cvss 7.5epss 0.01

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic.

  • CVE-2017-14423HigSep 13, 2017
    risk 0.49cvss 7.5epss 0.01

    htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests.

  • CVE-2017-14422HigSep 13, 2017
    risk 0.49cvss 7.5epss 0.01

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS…

  • CVE-2016-10186HigJan 30, 2017
    risk 0.49cvss 7.5epss 0.04

    An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules.

  • CVE-2016-10185HigJan 30, 2017
    risk 0.49cvss 7.5epss 0.04

    An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf.

  • CVE-2016-10184HigJan 30, 2017
    risk 0.49cvss 7.5epss 0.06

    An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal.

Page 4 of 37