Filtered by vendor D-link
Subscriptions
Total
229 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2901 | 1 D-link | 1 Dwl-2100ap | 2025-04-03 | N/A |
| The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords. | ||||
| CVE-2004-0661 | 1 D-link | 3 Di-604, Di-614\+, Di-624 | 2025-04-03 | N/A |
| Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years. | ||||
| CVE-2024-34950 | 1 D-link | 1 Dir-822 | 2025-02-13 | 7.5 High |
| D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module. | ||||
| CVE-2023-32167 | 1 D-link | 1 D-view | 2025-02-05 | 6.5 Medium |
| D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability. This vulnerability allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadMib function. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create or delete files in the context of SYSTEM. . Was ZDI-CAN-19529. | ||||
| CVE-2024-33112 | 1 D-link | 1 Dir-845l | 2025-01-07 | 7.5 High |
| D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func. | ||||
| CVE-2024-11959 | 2 D-link, Dlink | 3 Dir-605l, Dir-605l, Dir-605l Firmware | 2024-12-04 | 8.8 High |
| A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11960 | 2 D-link, Dlink | 3 Dir-605l, Dir-605l, Dir-605l Firmware | 2024-12-04 | 8.8 High |
| A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-32223 | 2 D-link, Dlink | 3 Dsl-224 Firmware, Dsl-224, Dsl-224 Firmware | 2024-11-27 | 8.8 High |
| D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method. | ||||
| CVE-2023-26615 | 2 D-link, Dlink | 3 Dir-823g, Dir-823g, Dir-823g Firmware | 2024-11-27 | 7.5 High |
| D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password. | ||||
| CVE-2023-32222 | 2 D-link, Dlink | 3 Dsl-g256dg, Dsl-g256dg, Dsl-g256dg Firmware | 2024-11-27 | 9.8 Critical |
| D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method. | ||||
| CVE-2023-32224 | 2 D-link, Dlink | 3 Dsl-224 Firmware, Dsl-224, Dsl-224 Firmware | 2024-11-27 | 9.8 Critical |
| D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts | ||||
| CVE-2023-26613 | 2 D-link, Dlink | 3 Dir-823g, Dir-823g, Dir-823g Firmware | 2024-11-27 | 9.8 Critical |
| An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL. | ||||
| CVE-2023-26616 | 2 D-link, Dlink | 3 Dir-823g, Dir-823g, Dir-823g Firmware | 2024-11-27 | 9.8 Critical |
| D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo. | ||||
| CVE-2023-26612 | 2 D-link, Dlink | 3 Dir-823g, Dir-823g, Dir-823g Firmware | 2024-11-27 | 9.8 Critical |
| D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo. | ||||
| CVE-2024-28731 | 2 D-link, Dlink | 3 Dwr-2000m Firmware, Dwr-2000m, Dwr-2000m Firmware | 2024-11-22 | 7.3 High |
| Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option. | ||||
| CVE-2024-28729 | 2 D-link, Dlink | 3 Dwr-2000m Firmware, Dwr-2000m, Dwr-2000m Firmware | 2024-11-22 | 7.8 High |
| An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. | ||||
| CVE-2024-28730 | 2 D-link, Dlink | 3 Dwr-2000m Firmware, Dwr-2000m, Dwr-2000m Firmware | 2024-11-22 | 4.6 Medium |
| Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module. | ||||
| CVE-2024-52739 | 1 D-link | 1 Di-8400 Firmware | 2024-11-21 | 8 High |
| D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters. | ||||
| CVE-2024-33345 | 1 D-link | 1 Dir-823g | 2024-11-21 | 6.5 Medium |
| D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-33344 | 1 D-link | 1 Dir-822 | 2024-11-21 | 9.8 Critical |
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell. | ||||