Filtered by vendor Dlink
Total 942 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-25506 1 Dlink 2 Dns-320, Dns-320 Firmware 2024-08-04 9.8 Critical
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.
CVE-2020-25368 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-08-04 9.8 Critical
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.
CVE-2020-25367 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-08-04 9.8 Critical
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.
CVE-2020-25366 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-08-04 9.1 Critical
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.
CVE-2020-25079 1 Dlink 4 Dcs-2530l, Dcs-2530l Firmware, Dcs-2670l and 1 more 2024-08-04 8.8 High
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection.
CVE-2020-25078 1 Dlink 4 Dcs-2530l, Dcs-2530l Firmware, Dcs-2670l and 1 more 2024-08-04 7.5 High
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.
CVE-2020-24577 1 Dlink 2 Dsl-2888a, Dsl-2888a Firmware 2024-08-04 7.5 High
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application's response body for a /tmp/var/passwd or /tmp/home/wan_stat URI.
CVE-2020-24578 1 Dlink 2 Dsl2888a, Dsl2888a Firmware 2024-08-04 6.5 Medium
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file).
CVE-2020-24580 1 Dlink 2 Dsl2888a, Dsl2888a Firmware 2024-08-04 7.5 High
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Lack of authentication functionality allows an attacker to assign a static IP address that was once used by a valid user.
CVE-2020-24581 1 Dlink 2 Dsl2888a, Dsl2888a Firmware 2024-08-04 8.0 High
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute Operating System commands.
CVE-2020-24579 1 Dlink 2 Dsl2888a, Dsl2888a Firmware 2024-08-04 8.8 High
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.
CVE-2020-21016 1 Dlink 2 Dir-846, Dir-846 Firmware 2024-08-04 9.8 Critical
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.
CVE-2020-19320 1 Dlink 2 Dir-619l, Dir-619l Firmware 2024-08-04 9.8 Critical
Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login.
CVE-2020-19319 1 Dlink 2 Dir-619l, Dir-619l Firmware 2024-08-04 9.8 Critical
Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login.
CVE-2020-19318 1 Dlink 2 Dir-605l, Dir-605l Firmware 2024-08-04 8.8 High
Buffer overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized attackers to execute arbitrary code by sending crafted data to the webserver service program.
CVE-2020-19323 1 Dlink 2 Dir-619l, Dir-619l Firmware 2024-08-04 7.5 High
An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart the router via the M-search request ST parameter. No authentication is required.
CVE-2020-18568 1 Dlink 4 Dsr-1000n, Dsr-1000n Firmware, Dsr-250 and 1 more 2024-08-04 9.8 Critical
The D-Link DSR-250 (3.14) and DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution.
CVE-2020-15895 1 Dlink 2 Dir-816l, Dir-816l Firmware 2024-08-04 6.1 Medium
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.
CVE-2020-15892 1 Dlink 2 Dap-1520, Dap-1520 Firmware 2024-08-04 9.8 Critical
An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length of 15 characters. The problem is that validation is done on the client side, hence it can be bypassed. When an attacker manages to intercept the login request (POST based) and tampers with the vulnerable parameter (log_pass), extending it to a larger length, the request will be forwarded to the webserver. This results in a stack-based buffer overflow. A few other POST variables (transferred as part of the login request) are also vulnerable: html_response_page and log_user.
CVE-2020-15896 1 Dlink 2 Dap-1522, Dap-1522 Firmware 2024-08-04 7.5 High
An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of checking the value of NO_NEED_AUTH. If the value of NO_NEED_AUTH is 1, the user has direct access to the webpage without any authentication. By appending a query string NO_NEED_AUTH with the value of 1 to any protected URL, any unauthorized user can access the application directly, as demonstrated by bsc_lan.php?NO_NEED_AUTH=1.