Filtered by vendor Dlink
Total 903 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2012-6614 1 Dlink 2 Dsr-250n, Dsr-250n Firmware 2024-08-06 7.2 High
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.
CVE-2012-5966 1 Dlink 1 Dsl-2730u 2024-08-06 N/A
The restricted telnet shell on the D-Link DSL2730U router allows remote authenticated users to bypass intended command restrictions via shell metacharacters that follow a whitelisted command.
CVE-2012-5319 1 Dlink 3 Dcs-2000, Dcs-5300, Dcs-900 2024-08-06 N/A
Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter.
CVE-2012-5306 1 Dlink 2 Camera Stream Client Activex Control, Dcs-5605 Ptz Ip Network Camera 2024-08-06 N/A
Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string argument.
CVE-2012-4046 1 Dlink 2 Dcs-932l, Dcs-932l Firmware 2024-08-06 N/A
The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.
CVE-2012-1308 1 Dlink 2 Dsl-2640b, Dsl-2640b Firmware 2024-08-06 N/A
Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
CVE-2013-7389 1 Dlink 2 Dir-645, Dir-645 Firmware 2024-08-06 N/A
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.
CVE-2013-7471 1 Dlink 10 Dir-300, Dir-300 Firmware, Dir-600 and 7 more 2024-08-06 9.8 Critical
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
CVE-2013-7308 1 Dlink 2 Des-3810-28, Des-3810-28 Firmware 2024-08-06 N/A
The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2013-7051 1 Dlink 2 Dir-100, Dir-100 Firmware 2024-08-06 8.8 High
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters
CVE-2013-7052 1 Dlink 2 Dir-100, Dir-100 Firmware 2024-08-06 9.8 Critical
D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script
CVE-2013-7005 1 Dlink 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more 2024-08-06 N/A
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii.
CVE-2013-7004 1 Dlink 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more 2024-08-06 N/A
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username.
CVE-2013-7053 1 Dlink 2 Dir-100, Dir-100 Firmware 2024-08-06 8.8 High
D-Link DIR-100 4.03B07: cli.cgi CSRF
CVE-2013-7055 1 Dlink 2 Dir-100, Dir-100 Firmware 2024-08-06 9.8 Critical
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure
CVE-2013-7054 1 Dlink 2 Dir-100, Dir-100 Firmware 2024-08-06 6.1 Medium
D-Link DIR-100 4.03B07: cli.cgi XSS
CVE-2013-6786 6 Allegrosoft, Dlink, Huawei and 3 more 7 Rompager, Dsl-2640r, Dsl-2641r and 4 more 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately.
CVE-2013-6026 3 Alphanetworks, Dlink, Planex 13 Vdsl Asl-55052, Vdsl Asl-56552, Di-524up and 10 more 2024-08-06 N/A
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.
CVE-2013-5997 1 Dlink 2 Des-3800, Des-3800 Firmware 2024-08-06 N/A
Unspecified vulnerability in the SSH implementation on D-Link Japan DES-3800 devices with firmware before R4.50B58 allows remote authenticated users to cause a denial of service (device hang) via unknown vectors, a different vulnerability than CVE-2013-5998.
CVE-2013-6027 1 Dlink 1 Dir-100 2024-08-06 N/A
Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi.