Filtered by vendor Dlink
Subscriptions
Total
942 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15894 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2024-08-04 | 7.5 High |
| An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT. | ||||
| CVE-2020-15893 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2024-08-04 | 9.8 Critical |
| An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. | ||||
| CVE-2020-15633 | 2 D-link, Dlink | 6 Dir-867 Firmware, Dir-878 Firmware, Dir-882 Firmware and 3 more | 2024-08-04 | 8.8 High |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-10835. | ||||
| CVE-2020-15631 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2024-08-04 | 8.0 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10084. | ||||
| CVE-2020-15632 | 1 Dlink | 2 Dir-842, Dir-842 Firmware | 2024-08-04 | 8.8 High |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083. | ||||
| CVE-2020-13960 | 1 Dlink | 4 Dir-600m, Dir-600m Firmware, Dsl-2730u and 1 more | 2024-08-04 | 7.5 High |
| D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name. | ||||
| CVE-2020-13782 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-08-04 | 8.8 High |
| D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. | ||||
| CVE-2020-13783 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-08-04 | 7.5 High |
| D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. | ||||
| CVE-2020-13787 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-08-04 | 7.5 High |
| D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. | ||||
| CVE-2020-13786 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-08-04 | 8.8 High |
| D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. | ||||
| CVE-2020-13785 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-08-04 | 7.5 High |
| D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. | ||||
| CVE-2020-13784 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-08-04 | 7.5 High |
| D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. | ||||
| CVE-2020-13150 | 1 Dlink | 2 Dsl-2750u, Dsl-2750u Firmware | 2024-08-04 | 7.8 High |
| D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. | ||||
| CVE-2020-13135 | 1 Dlink | 2 Dsp-w215, Dsp-w215 Firmware | 2024-08-04 | 6.5 Medium |
| D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy. | ||||
| CVE-2020-13136 | 1 Dlink | 2 Dsp-w215, Dsp-w215 Firmware | 2024-08-04 | 7.5 High |
| D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. | ||||
| CVE-2020-12695 | 22 Asus, Broadcom, Canon and 19 more | 218 Rt-n11, Adsl, Selphy Cp1200 and 215 more | 2024-08-04 | 7.5 High |
| The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | ||||
| CVE-2020-9376 | 1 Dlink | 2 Dir-610, Dir-610 Firmware | 2024-08-04 | 7.5 High |
| D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-10215 | 2 Dlink, Trendnet | 4 Dir-825, Dir-825 Firmware, Tew-632brp and 1 more | 2024-08-04 | 8.8 High |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | ||||
| CVE-2020-10214 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2024-08-04 | 8.8 High |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server. | ||||
| CVE-2020-10213 | 2 Dlink, Trendnet | 4 Dir-825, Dir-825 Firmware, Tew-632brp and 1 more | 2024-08-04 | 8.8 High |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | ||||