Filtered by vendor Dlink
Subscriptions
Total
1042 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-46552 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 8.8 High |
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request. | ||||
CVE-2022-46476 | 1 Dlink | 2 Dir-859 A1, Dir-859 A1 Firmware | 2024-11-21 | 9.8 Critical |
D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function. | ||||
CVE-2022-46475 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2024-11-21 | 9.8 Critical |
D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function. | ||||
CVE-2022-46076 | 1 Dlink | 4 Dir-869, Dir-869 Firmware, Dir-869ax and 1 more | 2024-11-21 | 7.5 High |
D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi. | ||||
CVE-2022-44930 | 1 Dlink | 2 Dhp-w310av, Dhp-w310av Firmware | 2024-11-21 | 9.8 Critical |
D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. | ||||
CVE-2022-44832 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2024-11-21 | 9.8 Critical |
D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function. | ||||
CVE-2022-44808 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | 9.8 Critical |
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability. | ||||
CVE-2022-44807 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-11-21 | 9.8 Critical |
D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString. | ||||
CVE-2022-44806 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-11-21 | 9.8 Critical |
D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow. | ||||
CVE-2022-44804 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-11-21 | 9.8 Critical |
D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function. | ||||
CVE-2022-44801 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2024-11-21 | 9.8 Critical |
D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. | ||||
CVE-2022-44204 | 1 Dlink | 2 Dir-3060, Dir-3060 Firmware | 2024-11-21 | 9.8 Critical |
D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. | ||||
CVE-2022-44202 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2024-11-21 | 9.8 Critical |
D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow. | ||||
CVE-2022-44201 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | 9.8 Critical |
D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. | ||||
CVE-2022-43648 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2024-11-21 | 8.8 High |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 1.20B03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MiniDLNA service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the MiniDLNA service. Was ZDI-CAN-19910. | ||||
CVE-2022-43647 | 1 Dlink | 4 Dir-825\/ac, Dir-825\/ac Firmware, Dir-825\/ee and 1 more | 2024-11-21 | 8.8 High |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19464. | ||||
CVE-2022-43646 | 1 Dlink | 4 Dir-825\/ac, Dir-825\/ac Firmware, Dir-825\/ee and 1 more | 2024-11-21 | 8.8 High |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Vimeo plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19463. | ||||
CVE-2022-43645 | 1 Dlink | 4 Dir-825\/ac, Dir-825\/ac Firmware, Dir-825\/ee and 1 more | 2024-11-21 | 8.8 High |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IVI plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19462. | ||||
CVE-2022-43644 | 1 Dlink | 4 Dir-825\/ac, Dir-825\/ac Firmware, Dir-825\/ee and 1 more | 2024-11-21 | 8.8 High |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19461. | ||||
CVE-2022-43643 | 1 Dlink | 4 Dir-825\/ac, Dir-825\/ac Firmware, Dir-825\/ee and 1 more | 2024-11-21 | 8.8 High |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Generic plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19460. |