Filtered by vendor Dlink
Subscriptions
Total
942 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-46442 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2024-08-04 | 9.8 Critical |
In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization. | ||||
CVE-2021-46452 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-08-04 | 9.8 Critical |
D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomography_ping_address, tomography_ping_number, tomography_ping_size, tomography_ping_timeout, and tomography_ping_ttl parameters. | ||||
CVE-2021-46453 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-08-04 | 9.8 Critical |
D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. This vulnerability allows attackers to execute arbitrary commands via the staticroute_list parameter. | ||||
CVE-2021-46381 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2024-08-04 | 7.5 High |
Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. | ||||
CVE-2021-46441 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2024-08-04 | 8.8 High |
In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization. | ||||
CVE-2021-46379 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-08-04 | 6.1 Medium |
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. | ||||
CVE-2021-46378 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-08-04 | 7.5 High |
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. | ||||
CVE-2021-46353 | 1 Dlink | 2 Dir-x1860, Dir-x1860 Firmware | 2024-08-04 | 5.3 Medium |
An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. | ||||
CVE-2021-46228 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-08-04 | 9.8 Critical |
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter. | ||||
CVE-2021-46227 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-08-04 | 9.8 Critical |
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters. | ||||
CVE-2021-46230 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-08-04 | 9.8 Critical |
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters. | ||||
CVE-2021-46108 | 1 Dlink | 2 Dsl-2730e, Dsl-2730e Firmware | 2024-08-04 | 5.4 Medium |
D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration. | ||||
CVE-2021-46226 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-08-04 | 9.8 Critical |
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter. | ||||
CVE-2021-46233 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-08-04 | 9.8 Critical |
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter. | ||||
CVE-2021-46229 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-08-04 | 9.8 Critical |
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter. | ||||
CVE-2021-46315 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-08-04 | 9.8 Critical |
Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the ssid0 or ssid1 parameters to cause arbitrary command execution. Since CVE-2019-17510 vulnerability has not been patched and improved www/hnap1/control/setwizardconfig.php, can also use line breaks and backquotes to bypass. | ||||
CVE-2021-46232 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-08-04 | 9.8 Critical |
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter. | ||||
CVE-2021-46314 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-08-04 | 9.8 Critical |
A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name. | ||||
CVE-2021-46319 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-08-04 | 9.8 Critical |
Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid1 parameters to execute arbitrary commands.This vulnerability is due to the fact that CVE-2019-17509 is not fully patched and can be bypassed by using line breaks or backticks on its basis. | ||||
CVE-2021-46231 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-08-04 | 9.8 Critical |
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. This vulnerability allows attackers to execute arbitrary commands via the url_en parameter. |