Filtered by vendor Dlink
Subscribe
Total
1064 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15909 | 1 Dlink | 2 Dgs-1500, Dgs-1500 Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access. | |||||
| CVE-2017-14426 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions. | |||||
| CVE-2017-6205 | 1 Dlink | 7 Websmart Dgs-1510-20, Websmart Dgs-1510-28, Websmart Dgs-1510-28p and 4 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors. | |||||
| CVE-2017-14427 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions. | |||||
| CVE-2017-14417 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services. | |||||
| CVE-2015-1187 | 2 Dlink, Trendnet | 30 Dir-626l, Dir-626l Firmware, Dir-636l and 27 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | |||||
| CVE-2017-17065 | 1 Dlink | 2 Dir-605l Model B, Dir-605l Model B Firmware | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently long string in the password field of the HTTP Basic Authentication section of the HTTP request. | |||||
| CVE-2014-7859 | 2 D-link, Dlink | 10 Dnr-320l Firmware, Dnr-326 Firmware, Dns-320lw Firmware and 7 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values. | |||||
| CVE-2016-10183 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal. | |||||
| CVE-2015-7247 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2025-04-20 | 7.8 HIGH | 9.8 CRITICAL |
| D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2017-14424 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions. | |||||
| CVE-2017-7852 | 1 Dlink | 52 Dcs-2132l, Dcs-2132l Firmware, Dcs-2136l and 49 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1. | |||||
| CVE-2017-12943 | 1 Dlink | 2 Dir-600 B1, Dir-600 B1 Firmware | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. | |||||
| CVE-2015-7246 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. | |||||
| CVE-2017-16765 | 1 Dlink | 2 Dwr-933, Dwr-933 Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. | |||||
| CVE-2017-14430 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic. | |||||
| CVE-2017-3192 | 2 D-link, Dlink | 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device. | |||||
| CVE-2016-10405 | 2 D-link, Dlink | 2 Dir-600l Firmware, Dir-600l | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2017-14422 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | |||||
| CVE-2017-14418 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
| The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services. | |||||