Filtered by vendor Dlink Subscriptions
Total 903 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-3273 1 Dlink 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more 2024-08-14 7.3 High
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
CVE-2020-9377 1 Dlink 2 Dir-610, Dir-610 Firmware 2024-08-14 8.8 High
D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2014-100005 1 Dlink 2 Dir-600, Dir-600 Firmware 2024-08-13 8.8 High
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
CVE-2002-1810 1 Dlink 2 Dwl-900ap\+, Dwl-900ap\+ Firmware 2024-08-08 7.5 High
D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information.
CVE-2004-0615 2 D-link, Dlink 3 Di-614\+, Di-704p, Di-624 2024-08-08 N/A
Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request.
CVE-2005-4723 2 D-link, Dlink 4 Di-524, Di-784, Di-524 and 1 more 2024-08-07 N/A
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.
CVE-2005-1827 1 Dlink 2 Dsl-504t, Dsl-504t Firmware 2024-08-07 N/A
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.
CVE-2005-1828 1 Dlink 2 Dsl-504t, Dsl-504t Firmware 2024-08-07 7.5 High
D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.
CVE-2024-41616 1 Dlink 2 Dir-300, Dir-300 Firmware 2024-08-07 8.8 High
D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.
CVE-2006-3687 2 D-link, Dlink 7 Di-604 Broadband Router, Di-784, Ebr-2310 Ethernet Broadband Router and 4 more 2024-08-07 N/A
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900.
CVE-2008-1266 1 Dlink 1 Di-524 2024-08-07 N/A
Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value.
CVE-2009-4821 1 Dlink 1 Dir-615 2024-08-07 N/A
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors.
CVE-2009-1740 1 Dlink 1 Mpeg4 Viewer Activex Control 2024-08-07 N/A
Multiple heap-based buffer overflows in the D-Link MPEG4 Viewer ActiveX Control (csviewer.ocx) 2.11.918.2006 allow remote attackers to execute arbitrary code via a long argument to the (1) SetFilePath and (2) SetClientCookie methods. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-4965 1 Dlink 2 Dcs-2121, Dcs-2121 Firmware 2024-08-07 N/A
/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server.
CVE-2010-4964 1 Dlink 2 Dcs-2121, Dcs-2121 Firmware 2024-08-07 N/A
recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability.
CVE-2011-4821 1 Dlink 2 Dir-601, Dir-601 Firmware 2024-08-07 N/A
Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2011-4723 1 Dlink 1 Dir-300 2024-08-07 N/A
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.
CVE-2011-4507 1 Dlink 1 Dir-685 2024-08-07 N/A
The D-Link DIR-685 router, when certain WPA and WPA2 configurations are used, does not maintain an encrypted wireless network during transfer of a large amount of network traffic, which allows remote attackers to obtain sensitive information or bypass authentication via a Wi-Fi device.
CVE-2011-3992 1 Dlink 6 Des-3800, Des-3800 Firmware, Dwl-2100ap and 3 more 2024-08-06 N/A
Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
CVE-2012-6613 1 Dlink 2 Dsr-250n, Dsr-250n Firmware 2024-08-06 7.2 High
D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.