Vendor CVEs

Dlink

1,843 total · sorted by risk
  • CVE-2025-9727 · Med · Aug 31, 2025
    risk 0.41 · cvss 6.3 · epss 0.05

    A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made…

  • CVE-2025-8956 · Med · Aug 14, 2025
    risk 0.41 · cvss 6.3 · epss 0.18

    A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the…

  • CVE-2025-7932 · Med · Jul 21, 2025
    risk 0.41 · cvss 6.3 · epss 0.05

    A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to…

  • CVE-2025-7836 · Med · Jul 19, 2025
    risk 0.41 · cvss 6.3 · epss 0.06

    A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The…

  • CVE-2025-7192 · Med · Jul 8, 2025
    risk 0.41 · cvss 6.3 · epss 0.04

    A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classified as critical. This issue affects the function ssdpcgi_main of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit…

  • CVE-2025-6899 · Med · Jun 30, 2025
    risk 0.41 · cvss 6.3 · epss 0.05

    A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file msp_info.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate…

  • CVE-2025-6898 · Med · Jun 30, 2025
    risk 0.41 · cvss 6.3 · epss 0.09

    A vulnerability, which was classified as critical, has been found in D-Link DI-7300G+ 19.12.25A1. Affected by this issue is some unknown functionality of the file in proxy_client.asp. The manipulation of the argument proxy_srv/proxy_lanport/proxy_lanip/proxy_srvport leads to os…

  • CVE-2025-6896 · Med · Jun 30, 2025
    risk 0.41 · cvss 6.3 · epss 0.04

    A vulnerability classified as critical has been found in D-Link DI-7300G+ 19.12.25A1. Affected is an unknown function of the file wget_test.asp. The manipulation of the argument url leads to os command injection. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2024-7715 · Med · Aug 13, 2024
    risk 0.41 · cvss 6.3 · epss 0.25

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to…

  • CVE-2024-28436 · Med · Apr 22, 2024
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2590, DAP-2690, DAP-2695, DAP-3520, DAP-3662 allows a remote attacker to execute arbitrary code via the reload parameter in the session_login.php component.

  • CVE-2018-15875 · Med · Aug 25, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.

  • CVE-2018-15874 · Med · Aug 25, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.

  • CVE-2018-6212 · Med · Jun 20, 2018
    risk 0.40 · cvss 6.1 · epss 0.02

    On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and…

  • CVE-2018-10108 · Med · Apr 16, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php.

  • CVE-2018-10107 · Med · Apr 16, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php.

  • CVE-2018-6529 · Med · Mar 6, 2018
    risk 0.40 · cvss 6.1 · epss 0.02

    XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a…

  • CVE-2018-6528 · Med · Mar 6, 2018
    risk 0.40 · cvss 6.1 · epss 0.02

    XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a…

  • CVE-2018-6527 · Med · Mar 6, 2018
    risk 0.40 · cvss 6.1 · epss 0.02

    XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read…

  • CVE-2017-16765 · Med · Nov 10, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi.

  • CVE-2016-10699 · Med · Oct 31, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in…

  • CVE-2017-14416 · Med · Sep 13, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php.

  • CVE-2017-14415 · Med · Sep 13, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php.

  • CVE-2017-14414 · Med · Sep 13, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php.

  • CVE-2017-14413 · Med · Sep 13, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php.

  • CVE-2017-10676 · Med · Jul 20, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter.

  • CVE-2026-4377 · Med · May 28, 2026
    risk 0.39 · cvss · epss 0.00

    Dlink DWR-X1820 router uses a weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in…

  • CVE-2024-3274 · Med · Apr 4, 2024
    risk 0.39 · cvss 5.3 · epss 0.33

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request…

  • CVE-2018-6936 · Med · Feb 21, 2018
    risk 0.38 · cvss 5.4 · epss 0.02

    Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account.

  • CVE-2017-14420 · Med · Sep 13, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and…

  • CVE-2017-14419 · Med · Sep 13, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service…

  • CVE-2026-7554 · Med · May 1, 2026
    risk 0.36 · cvss 5.6 · epss 0.01

    A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the…

  • CVE-2025-6897 · Med · Jun 30, 2025
    risk 0.36 · cvss 5.5 · epss 0.03

    A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this vulnerability is an unknown functionality of the file httpd_debug.asp. The manipulation of the argument Time leads to os command injection. The exploit has been disclosed to the…

  • CVE-2018-16605 · Med · Sep 12, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page.

  • CVE-2014-7860 · Med · Aug 25, 2017
    risk 0.35 · cvss 5.3 · epss 0.10

    The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and…

  • CVE-2026-11497 · Med · Jun 8, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely.…

  • CVE-2026-5312 · Med · Apr 1, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this…

  • CVE-2026-5311 · Med · Apr 1, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is…

  • CVE-2018-10110 · Med · Apr 18, 2018
    risk 0.34 · cvss 4.8 · epss 0.04

    D-Link DIR-615 T1 devices allow XSS via the Add User feature.

  • CVE-2026-8273 · Med · May 11, 2026
    risk 0.31 · cvss 4.7 · epss 0.05

    A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi_set_host/cgi_set_ntp/cgi_fan_control/cgi_merge_user of the file /cgi-bin/system_mgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely.

  • CVE-2026-8272 · Med · May 11, 2026
    risk 0.31 · cvss 4.7 · epss 0.06

    A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been…

  • CVE-2026-8271 · Med · May 11, 2026
    risk 0.31 · cvss 4.7 · epss 0.05

    A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgi_speed/cgi_dhcpd_lease/cgi_ddns/cgi_set_ip/cgi_upnp_del/cgi_dhcpd/cgi_upnp_add/cgi_upnp_edit of the file /cgi-bin/network_mgr.cgi. The manipulation leads to os command injection.…

  • CVE-2026-2227 · Med · Feb 9, 2026
    risk 0.31 · cvss 4.7 · epss 0.05

    A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a manipulation of the argument AdminID results in command injection. The attack may be initiated remotely. The exploit has been made public and…

  • CVE-2026-2163 · Med · Feb 8, 2026
    risk 0.31 · cvss 4.7 · epss 0.05

    A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The…

  • CVE-2026-2082 · Med · Feb 7, 2026
    risk 0.31 · cvss 4.7 · epss 0.04

    A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly…

  • CVE-2026-2081 · Med · Feb 7, 2026
    risk 0.31 · cvss 4.7 · epss 0.05

    A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_password. This manipulation of the argument http_passwd causes os command injection. The attack is possible to be carried out remotely. The exploit has…

  • CVE-2026-2063 · Med · Feb 6, 2026
    risk 0.31 · cvss 4.7 · epss 0.04

    A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of the argument ac_server results in os command injection. The attack can be…

  • CVE-2026-2061 · Med · Feb 6, 2026
    risk 0.31 · cvss 4.7 · epss 0.04

    A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly…

  • CVE-2026-1419 · Med · Jan 26, 2026
    risk 0.31 · cvss 4.7 · epss 0.15

    A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched…

  • CVE-2025-12296 · Med · Oct 27, 2025
    risk 0.31 · cvss 4.7 · epss 0.07

    A security vulnerability has been detected in D-Link DAP-2695 2.00RC13. The impacted element is the function sub_4174B0 of the component Firmware Update Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed…

  • CVE-2025-11335 · Med · Oct 6, 2025
    risk 0.31 · cvss 4.7 · epss 0.05

    A weakness has been identified in D-Link DI-7100G C1 up to 20250928. Affected by this vulnerability is the function sub_46409C of the file /msp_info.htm?flag=qos of the component jhttpd. This manipulation of the argument iface causes command injection. The attack is possible to…
