Dlink vendor CVEs: all CVEs

1,843 total · sorted by risk
  • CVE-2012-10021 · Jul 31, 2025
    risk 0.09 · cvss · epss 0.03

    A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter…

  • CVE-2013-1600 · Jan 28, 2020
    risk 0.09 · cvss · epss 0.18

    An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when streaming live video in D-Link TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-2121 1.06_FR, 1.06, and 1.05_RU, DCS-2102 1.06_FR, 1.06, and 1.05_RU, which could let a malicious user obtain sensitive…

  • CVE-2014-3936 · Jun 2, 2014
    risk 0.09 · cvss · epss 0.77

    Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long…

  • CVE-2014-125117 · Jul 25, 2025
    risk 0.08 · cvss · epss 0.05

    A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unauthenticated attacker to…

  • CVE-2024-10915 · Nov 6, 2024
    risk 0.08 · cvss · epss 0.79

    A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to…

  • CVE-2013-7055 · Feb 4, 2020
    risk 0.08 · cvss · epss 0.07

    D-Link DIR-100 4.03B07 has PPTP and poe information disclosure

  • CVE-2013-1603 · Jan 28, 2020
    risk 0.08 · cvss · epss 0.16

    An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121…

  • CVE-2013-1602 · Jan 28, 2020
    risk 0.08 · cvss · epss 0.15

    An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US, DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121…

  • CVE-2019-17506 · Oct 11, 2019
    risk 0.08 · cvss · epss 0.57

    There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with…

  • CVE-2019-17508 · Oct 11, 2019
    risk 0.08 · cvss · epss 0.16

    On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.

  • CVE-2015-2049 · Feb 23, 2015
    risk 0.08 · cvss · epss 0.67

    Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.

  • CVE-2024-10914 · Nov 6, 2024
    risk 0.07 · cvss · epss 0.97

    A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name…

  • CVE-2024-22853 · Feb 6, 2024
    risk 0.07 · cvss · epss 0.05

    D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.

  • CVE-2023-5074 · Sep 20, 2023
    risk 0.07 · cvss · epss 0.68

    Use of a static key to protect a JWT token used in user authentication can allow for an authentication bypass in D-Link D-View 8 v2.0.1.28.

  • CVE-2023-4542 · Aug 25, 2023
    risk 0.07 · cvss · epss 0.87

    A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack…

  • CVE-2022-28955 · May 18, 2022
    risk 0.07 · cvss · epss 0.38

    An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.

  • CVE-2021-46379 · Mar 4, 2022
    risk 0.07 · cvss · epss 0.16

    DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.

  • CVE-2020-24581 · Dec 22, 2020
    risk 0.07 · cvss · epss 0.13

    An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute Operating System commands.

  • CVE-2020-24579 · Dec 22, 2020
    risk 0.07 · cvss · epss 0.10

    An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.

  • CVE-2020-9376 · Jul 9, 2020
    risk 0.07 · cvss · epss 0.17

    D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

  • CVE-2013-7052 · Feb 4, 2020
    risk 0.07 · cvss · epss 0.25

    D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script

  • CVE-2018-19987 · May 13, 2019
    risk 0.07 · cvss · epss 0.13

    D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code,…

  • CVE-2024-22651 · Jan 24, 2024
    risk 0.06 · cvss · epss 0.20

    There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.

  • CVE-2023-5154 · Sep 25, 2023
    risk 0.06 · cvss · epss 0.15

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. This vulnerability affects unknown code of the file /sysmanage/changelogo.php. The manipulation of the argument file_upload leads to unrestricted upload.…

  • CVE-2021-42627 · Aug 23, 2022
    risk 0.06 · cvss · epss 0.67

    The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication, which can lead to disclosure of information about WAN settings and also lets an attacker modify the data fields of the page.

  • CVE-2021-46378 · Mar 4, 2022
    risk 0.06 · cvss · epss 0.32

    DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download.

  • CVE-2021-21816 · Jul 16, 2021
    risk 0.06 · cvss · epss 0.36

    An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2021-27250 · Apr 14, 2021
    risk 0.06 · cvss · epss 0.66

    This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI…

  • CVE-2013-7051 · Feb 4, 2020
    risk 0.06 · cvss · epss 0.16

    D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters

  • CVE-2013-1601 · Jan 28, 2020
    risk 0.06 · cvss · epss 0.13

    An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a…

  • CVE-2018-15517 · Jan 31, 2019
    risk 0.06 · cvss · epss 0.44

    The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/…

  • CVE-2018-10824 · Oct 17, 2018
    risk 0.06 · cvss · epss 0.12

    An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in…

  • CVE-2007-1435 · Mar 13, 2007
    risk 0.06 · cvss · epss 0.43

    Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2024-57045 · Feb 18, 2025
    risk 0.05 · cvss · epss 0.32

    A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass authentication. An attacker can obtain a user name and password by forging a POST request to the /getcfg.php page.

  • CVE-2023-43240 · Sep 21, 2023
    risk 0.05 · cvss · epss 0.12

    D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter.

  • CVE-2023-43237 · Sep 21, 2023
    risk 0.05 · cvss · epss 0.12

    D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC.

  • CVE-2023-43239 · Sep 21, 2023
    risk 0.05 · cvss · epss 0.12

    D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.

  • CVE-2023-26613 · Jun 29, 2023
    risk 0.05 · cvss · epss 0.31

    An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL.

  • CVE-2023-34800 · Jun 15, 2023
    risk 0.05 · cvss · epss 0.29

    D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main.

  • CVE-2020-27600 · Apr 2, 2021
    risk 0.05 · cvss · epss 0.14

    HNAP1/control/SetMasterWLanSettings.php in D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter.

  • CVE-2020-26567 · Oct 8, 2020
    risk 0.05 · cvss · epss 0.17

    An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes.

  • CVE-2013-7054 · Feb 4, 2020
    risk 0.05 · cvss · epss 0.04

    D-Link DIR-100 4.03B07: cli.cgi XSS

  • CVE-2013-7389 · Jul 7, 2014
    risk 0.05 · cvss · epss 0.28

    Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3)…

  • CVE-2006-3687 · Jul 21, 2006
    risk 0.05 · cvss · epss 0.19

    Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute…

  • CVE-2005-1827 · May 26, 2005
    risk 0.05 · cvss · epss 0.20

    D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.

  • CVE-2025-10666 · Sep 18, 2025
    risk 0.04 · cvss · epss 0.03

    A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdown_time results in buffer overflow. The attack can be executed remotely. The exploit has…

  • CVE-2024-57376 · Jan 28, 2025
    risk 0.04 · cvss · epss 0.04

    Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to achieve remote code execution.

  • CVE-2024-33113 · May 6, 2024
    risk 0.04 · cvss · epss 0.03

    D-LINK DIR-845L <=v1.01KRb03 is vulnerable to information disclosure via bsc_sms_inbox.php.

  • CVE-2023-32167 · May 3, 2024
    risk 0.04 · cvss · epss 0.77

    D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability. This vulnerability allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. …

  • CVE-2024-33344 · Apr 26, 2024
    risk 0.04 · cvss · epss 0.20

    D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell.
