Search
Search Results (28 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13960 | 1 Dlink | 4 Dir-600m, Dir-600m Firmware, Dsl-2730u and 1 more | 2024-11-21 | 7.5 High |
| D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name. | ||||
| CVE-2019-7736 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2024-11-21 | N/A |
| D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. NOTE: this may overlap CVE-2019-13101. | ||||
| CVE-2019-18852 | 1 Dlink | 14 Dir-600 B1, Dir-600 B1 Firmware, Dir-615 J1 and 11 more | 2024-11-21 | 9.8 Critical |
| Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00. | ||||
| CVE-2019-13101 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. | ||||
| CVE-2018-6936 | 2 D-link, Dlink | 2 Dir-600m C1 Firmware, Dir-600m C1 | 2024-11-21 | N/A |
| Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account. | ||||
| CVE-2018-16605 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2024-11-21 | 5.4 Medium |
| D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page. | ||||
| CVE-2018-10641 | 1 Dlink | 2 Dir-600l, Dir-601 Firmware | 2024-11-21 | N/A |
| D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext. | ||||
| CVE-2013-7471 | 1 Dlink | 10 Dir-300, Dir-300 Firmware, Dir-600 and 7 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. | ||||