Filtered by vendor Dlink
Subscribe
Total
1067 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42999 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. | |||||
| CVE-2022-42998 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd. | |||||
| CVE-2022-42161 | 1 Dlink | 6 Covr 1200, Covr 1200 Firmware, Covr 1202 and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
| D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. | |||||
| CVE-2022-42160 | 1 Dlink | 6 Covr 1200, Covr 1200 Firmware, Covr 1202 and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
| D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. | |||||
| CVE-2022-42159 | 1 Dlink | 6 Covr 1200, Covr 1200 Firmware, Covr 1202 and 3 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator. | |||||
| CVE-2022-42156 | 1 Dlink | 6 Covr 1200, Covr 1200 Firmware, Covr 1202 and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
| D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings. | |||||
| CVE-2022-41140 | 1 Dlink | 6 Dir-867, Dir-867 Firmware, Dir-878 and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796. | |||||
| CVE-2022-40720 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the router. Was ZDI-CAN-15935. | |||||
| CVE-2022-40719 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd_generic.lua plugin for the xupnpd service, which listens on TCP port 4044 by default. When parsing the feed parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15906. | |||||
| CVE-2022-40718 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15728. | |||||
| CVE-2022-40717 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15727. | |||||
| CVE-2022-3210 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15905. | |||||
| CVE-2022-38557 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. | |||||
| CVE-2022-38258 | 1 Dlink | 2 Dir-819, Dir-819 Firmware | 2024-11-21 | N/A | 8.1 HIGH |
| A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request. | |||||
| CVE-2022-37134 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tp_usrname, resulting in stack overflow. | |||||
| CVE-2022-37133 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end. | |||||
| CVE-2022-37130 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability | |||||
| CVE-2022-37129 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection. | |||||
| CVE-2022-37128 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. | |||||
| CVE-2022-37125 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. | |||||