Filtered by vendor Dlink
Subscribe
Total
1369 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-30063 | 1 Dlink | 2 Dir-890l, Dir-890l Firmware | 2025-01-30 | N/A | 7.5 HIGH |
| D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass. | |||||
| CVE-2023-30061 | 1 Dlink | 2 Dir-879, Dir-879 Firmware | 2025-01-30 | N/A | 7.5 HIGH |
| D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi. | |||||
| CVE-2023-29961 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-01-23 | N/A | 9.8 CRITICAL |
| D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup, | |||||
| CVE-2023-31814 | 1 Dlink | 2 Dir-300, Dir-300 Firmware | 2025-01-17 | N/A | 9.8 CRITICAL |
| D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php. | |||||
| CVE-2023-33735 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2025-01-10 | N/A | 9.8 CRITICAL |
| D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface. | |||||
| CVE-2022-37056 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-01-09 | N/A | 9.8 CRITICAL |
| D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main, | |||||
| CVE-2019-10891 | 1 Dlink | 2 Dir-806, Dir-806 Firmware | 2025-01-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP header. | |||||
| CVE-2023-33781 | 1 Dlink | 2 Dir-842v2, Dir-842v2 Firmware | 2025-01-07 | N/A | 8.8 HIGH |
| An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file. | |||||
| CVE-2023-33782 | 1 Dlink | 2 Dir-842v2, Dir-842v2 Firmware | 2025-01-06 | N/A | 8.8 HIGH |
| D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function. | |||||
| CVE-2023-34856 | 1 Dlink | 2 Di-7500g-ci, Di-7500g-ci Firmware | 2025-01-06 | N/A | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi. | |||||
| CVE-2022-37057 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-01-06 | N/A | 9.8 CRITICAL |
| D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main. | |||||
| CVE-2022-37055 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-01-06 | N/A | 9.8 CRITICAL |
| D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main, | |||||
| CVE-2024-1786 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2024-12-17 | 7.8 HIGH | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DIR-600M C1 3.08. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation of the argument username leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254576. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2023-34800 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-12-16 | N/A | 9.8 CRITICAL |
| D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main. | |||||
| CVE-2024-11959 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-12-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11960 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-12-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-3272 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more | 2024-11-29 | 10.0 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2023-32223 | 1 Dlink | 2 Dsl-224, Dsl-224 Firmware | 2024-11-27 | N/A | 8.8 HIGH |
| D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method. | |||||
| CVE-2024-9792 | 1 Dlink | 2 Dsl-2750u, Dsl-2750u Firmware | 2024-11-25 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible to initiate the attack remotely. | |||||
| CVE-2023-51613 | 1 Dlink | 2 Dir-x3260, Dir-x3260 Firmware | 2024-11-25 | N/A | 8.0 HIGH |
| D-Link DIR-X3260 prog.cgi SetDynamicDNSSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21590. | |||||