VYPR

Vendor CVEs

Dlink

All CVEs

1,843 total · sorted by risk
  • CVE-2016-10183HigJan 30, 2017
    risk 0.49cvss 7.5epss 0.06

    An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.

  • CVE-2016-10181HigJan 30, 2017
    risk 0.49cvss 7.5epss 0.04

    An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests.

  • CVE-2016-10180HigJan 30, 2017
    risk 0.49cvss 7.5epss 0.04

    An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.

  • CVE-2016-10179HigJan 30, 2017
    risk 0.49cvss 7.5epss 0.05

    An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.

  • CVE-2011-4723MedKEVDec 20, 2011
    risk 0.49cvss 5.7epss 0.03

    The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.

  • CVE-2005-1828HigMay 26, 2005
    risk 0.49cvss 7.5epss 0.01

    D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.

  • CVE-2002-1810HigDec 31, 2002
    risk 0.49cvss 7.5epss 0.02

    D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration…

  • CVE-2026-36983HigMay 11, 2026
    risk 0.48cvss 7.3epss 0.01

    D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub_42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection.

  • CVE-2026-7067HigApr 27, 2026
    risk 0.48cvss 7.3epss 0.02

    A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The…

  • CVE-2025-10123HigSep 9, 2025
    risk 0.48cvss 7.3epss 0.04

    A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub_415028 of the file /goform/set_static_leases. Executing manipulation of the argument Hostname can lead to command injection. The attack can be launched remotely.…

  • CVE-2025-9752HigSep 1, 2025
    risk 0.48cvss 7.3epss 0.16

    A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgi_main of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to os command injection. The attack can be launched remotely. The…

  • CVE-2025-9026HigAug 15, 2025
    risk 0.48cvss 7.3epss 0.04

    A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgi_main of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The…

  • CVE-2024-27619HigMar 29, 2024
    risk 0.48cvss 7.3epss 0.01

    Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which…

  • CVE-2026-7857HigMay 5, 2026
    risk 0.47cvss 7.2epss 0.04

    A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed…

  • CVE-2026-7856HigMay 5, 2026
    risk 0.47cvss 7.2epss 0.05

    A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. The attack can be launched remotely. The exploit has…

  • CVE-2026-7851HigMay 5, 2026
    risk 0.47cvss 7.2epss 0.04

    A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and…

  • CVE-2026-7247HigApr 28, 2026
    risk 0.47cvss 7.2epss 0.01

    A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function file_exten_asp of the file file_exten.asp of the component File Extension Handler. The manipulation of the argument Name leads to buffer overflow. Remote exploitation of the…

  • CVE-2026-5844HigApr 9, 2026
    risk 0.47cvss 7.2epss 0.05

    A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The…

  • CVE-2026-4627HigMar 24, 2026
    risk 0.47cvss 7.2epss 0.02

    A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This…

  • CVE-2026-4499HigMar 20, 2026
    risk 0.47cvss 7.3epss 0.03

    A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgi_main of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

  • CVE-2026-4194HigMar 16, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element…

  • CVE-2026-4193HigMar 16, 2026
    risk 0.47cvss 7.3epss 0.01

    A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function GetDDNSSettings/GetDeviceDomainName/GetDeviceSettings/GetDMZSettings/GetFirewallSettings/GetGuestNetworkSettings/GetLanWanConflictInfo/GetLocalMacAddress/GetNetworkSetting…

  • CVE-2026-4180HigMar 16, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument token_id leads to improper access controls. The attack may be initiated remotely. The…

  • CVE-2026-1125HigJan 18, 2026
    risk 0.47cvss 7.3epss 0.14

    A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enable can lead to command injection. The attack can be executed remotely. The…

  • CVE-2025-13562HigNov 23, 2025
    risk 0.47cvss 7.3epss 0.06

    A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. The attack can be executed remotely. The exploit is publicly available and might be…

  • CVE-2025-34248HigOct 9, 2025
    risk 0.47cvss epss 0.01

    D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files…

  • CVE-2025-11488HigOct 8, 2025
    risk 0.47cvss 7.3epss 0.02

    A weakness has been identified in D-Link DIR-852 up to 20251002. This affects an unknown part of the file /HNAP1/. Executing manipulation can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.…

  • CVE-2018-16408HigSep 3, 2018
    risk 0.47cvss 7.2epss 0.05

    D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access.

  • CVE-2018-6211HigJun 20, 2018
    risk 0.47cvss 7.2epss 0.06

    On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.

  • CVE-2018-10431HigApr 26, 2018
    risk 0.47cvss 7.2epss 0.03

    D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen.

  • CVE-2025-8231MedJul 27, 2025
    risk 0.44cvss 6.8epss 0.01

    A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on…

  • CVE-2024-28728MedNov 12, 2024
    risk 0.43cvss 6.6epss 0.01

    Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via a crafted payload to the WiFi SSID Name field.

  • CVE-2018-17443MedOct 8, 2018
    risk 0.43cvss 6.1epss 0.06

    An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.

  • CVE-2018-17441MedOct 8, 2018
    risk 0.43cvss 6.1epss 0.06

    An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.

  • CVE-2025-8175MedJul 26, 2025
    risk 0.42cvss 6.5epss 0.01

    A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This affects an unknown part of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument share_enable leads to null pointer dereference. It is possible to…

  • CVE-2025-44023MedMay 8, 2025
    risk 0.42cvss 6.5epss 0.00

    An issue in dlink DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212 allows an attacker to execute arbitrary via the account_mgr.cgi->cgi_chg_admin_pw components.

  • CVE-2018-12103MedJul 5, 2018
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the…

  • CVE-2026-11341MedJun 5, 2026
    risk 0.41cvss 6.3epss 0.01

    A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection. The attack can be initiated remotely. The exploit has been…

  • CVE-2026-11339MedJun 5, 2026
    risk 0.41cvss 6.3epss 0.03

    A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is…

  • CVE-2026-10878MedJun 5, 2026
    risk 0.41cvss 6.3epss 0.04

    A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. The attack is possible to be carried out remotely. The…

  • CVE-2026-10182MedMay 31, 2026
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. The attack can be launched remotely. The exploit…

  • CVE-2026-10064MedMay 29, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file /goform/formSetPortTr. Performing a manipulation of the argument special_name results in stack-based buffer overflow. It is possible to initiate the attack…

  • CVE-2026-10061MedMay 29, 2026
    risk 0.41cvss 6.3epss 0.05

    A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used.…

  • CVE-2026-10060MedMay 29, 2026
    risk 0.41cvss 6.3epss 0.05

    A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument ip/mask/gateway leads to command injection. Remote exploitation of the attack is possible. The exploit has…

  • CVE-2026-9534MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.02

    A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack…

  • CVE-2026-9533MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.02

    A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is…

  • CVE-2026-9532MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.02

    A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The…

  • CVE-2026-9531MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.02

    A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried…

  • CVE-2026-9515MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.02

    A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument plugin_version results in os command injection. The attack may…

  • CVE-2026-9514MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.02

    A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/Net…

Page 5 of 37