Filtered by vendor Dlink
Subscriptions
Total
942 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-7245 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2024-08-06 | N/A |
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter. | ||||
CVE-2015-7247 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2024-08-06 | N/A |
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information. | ||||
CVE-2015-7246 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2024-08-06 | N/A |
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. | ||||
CVE-2015-5999 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2024-08-06 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi. | ||||
CVE-2015-2050 | 1 Dlink | 2 Dap-1320, Dap-1320 Firmware | 2024-08-06 | N/A |
D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands via unspecified vectors. | ||||
CVE-2015-2049 | 1 Dlink | 2 Dcs-931l, Dcs-931l Firmware | 2024-08-06 | N/A |
Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. | ||||
CVE-2015-2051 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2024-08-06 | 9.8 Critical |
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | ||||
CVE-2015-2052 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2024-08-06 | N/A |
Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface. | ||||
CVE-2015-1187 | 2 Dlink, Trendnet | 30 Dir-626l, Dir-626l Firmware, Dir-636l and 27 more | 2024-08-06 | 9.8 Critical |
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | ||||
CVE-2015-1028 | 1 Dlink | 2 Dsl-2730b, Dsl-2730b Firmware | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer). | ||||
CVE-2015-0150 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-08-06 | N/A |
The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
CVE-2015-0153 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-08-06 | N/A |
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key. | ||||
CVE-2015-0151 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-08-06 | N/A |
Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
CVE-2015-0152 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-08-06 | N/A |
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password. | ||||
CVE-2016-20017 | 1 Dlink | 2 Dsl-2750b, Dsl-2750b Firmware | 2024-08-06 | 9.8 Critical |
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. | ||||
CVE-2016-11021 | 1 Dlink | 2 Dcs-930l, Dcs-930l Firmware | 2024-08-06 | 7.2 High |
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter. | ||||
CVE-2016-10699 | 1 Dlink | 2 Dsl-2740e, Dsl-2740e Firmware | 2024-08-06 | N/A |
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs. | ||||
CVE-2016-10405 | 2 D-link, Dlink | 2 Dir-600l Firmware, Dir-600l | 2024-08-06 | N/A |
Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
CVE-2016-10183 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-08-06 | 7.5 High |
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal. | ||||
CVE-2016-10180 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-08-06 | 7.5 High |
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding. |