Filtered by vendor D-link
Subscriptions
Total
217 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-6211 | 2 D-link, Dlink | 2 Dir-620 Firmware, Dir-620 | 2024-08-05 | N/A |
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi. | ||||
CVE-2018-5371 | 2 D-link, Dlink | 4 Dsl-2540u Firmware, Dsl-2640u Firmware, Dsl-2540u and 1 more | 2024-08-05 | N/A |
diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request. | ||||
CVE-2019-17663 | 2 D-link, Dlink | 2 Dir-866l Firmware, Dir-866l | 2024-08-05 | 6.1 Medium |
D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection. | ||||
CVE-2019-9124 | 2 D-link, Dlink | 2 Dir-878 Firmware, Dir-878 | 2024-08-04 | N/A |
An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in with a blank password. | ||||
CVE-2019-9125 | 2 D-link, Dlink | 2 Dir-878 Firmware, Dir-878 | 2024-08-04 | N/A |
An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header. | ||||
CVE-2019-7297 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2024-08-04 | N/A |
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input. | ||||
CVE-2019-6258 | 2 D-link, Dlink | 2 Dir-822 Firmware, Dir-822 | 2024-08-04 | 9.8 Critical |
D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file. | ||||
CVE-2020-15633 | 2 D-link, Dlink | 6 Dir-867 Firmware, Dir-878 Firmware, Dir-882 Firmware and 3 more | 2024-08-04 | 8.8 High |
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-10835. | ||||
CVE-2020-9544 | 1 D-link | 2 Dsl-2640b, Dsl-2640b Firmware | 2024-08-04 | 7.5 High |
An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The administrative interface doesn't perform authentication checks for a firmware-update POST request. Any attacker that can access the administrative interface can install firmware of their choice. | ||||
CVE-2021-41503 | 2 D-link, Dlink | 4 Dcs-5000l Firmware, Dcs-5000l, Dcs-932l and 1 more | 2024-08-04 | 8.0 High |
DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
CVE-2021-33259 | 2 D-link, Dlink | 2 Dir-868lw Firmware, Dir-868lw | 2024-08-03 | 5.3 Medium |
Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history. | ||||
CVE-2021-26709 | 1 D-link | 1 Dsl-320b-d1 | 2024-08-03 | 9.8 Critical |
D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
CVE-2022-44928 | 1 D-link | 2 Dvg-g5402sp, Dvg-g5402sp Firmware | 2024-08-03 | 9.8 Critical |
D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. | ||||
CVE-2022-44929 | 1 D-link | 2 Dvg-g5402sp, Dvg-g5402sp Firmware | 2024-08-03 | 9.8 Critical |
An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. | ||||
CVE-2024-33342 | 1 D-link | 1 Dir-822 | 2024-08-02 | 7.5 High |
D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. | ||||
CVE-2024-33344 | 1 D-link | 1 Dir-822 | 2024-08-02 | 9.8 Critical |
D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell. | ||||
CVE-2024-33345 | 1 D-link | 1 Dir-823g | 2024-08-02 | 6.5 Medium |
D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input. |