Filtered by vendor Dlink
Subscriptions
Total
942 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40284 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-08-04 | 6.5 Medium |
| D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter 'igmpsnoopEnable' via an HTTP request. | ||||
| CVE-2021-39614 | 1 Dlink | 2 Dvx-2000ms, Dvx-2000ms Firmware | 2024-08-04 | 9.8 Critical |
| D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. | ||||
| CVE-2021-39510 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-08-04 | 9.8 Critical |
| An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters. | ||||
| CVE-2021-39509 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-08-04 | 9.8 Critical |
| An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters. | ||||
| CVE-2021-37388 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2024-08-04 | 9.8 Critical |
| A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution. | ||||
| CVE-2021-34861 | 1 Dlink | 2 Dap-2020, Dap-2020 Firmware | 2024-08-04 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12104. | ||||
| CVE-2021-34863 | 1 Dlink | 2 Dap-2020, Dap-2020 Firmware | 2024-08-04 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:page parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13271. | ||||
| CVE-2021-34860 | 1 Dlink | 2 Dap-2020, Dap-2020 Firmware | 2024-08-04 | 6.5 Medium |
| This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the getpage parameter provided to the webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-12103. | ||||
| CVE-2021-34862 | 1 Dlink | 2 Dap-2020, Dap-2020 Firmware | 2024-08-04 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13270. | ||||
| CVE-2021-34827 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2024-08-04 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12029. | ||||
| CVE-2021-34830 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2024-08-04 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12028. | ||||
| CVE-2021-34829 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2024-08-04 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12065. | ||||
| CVE-2021-34828 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2024-08-04 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12066. | ||||
| CVE-2021-34201 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2024-08-04 | 7.1 High |
| D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes. | ||||
| CVE-2021-34202 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2024-08-04 | 7.8 High |
| There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remote code execution. | ||||
| CVE-2021-34203 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2024-08-04 | 8.1 High |
| D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed. | ||||
| CVE-2021-34204 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2024-08-04 | 6.8 Medium |
| D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges. | ||||
| CVE-2021-33346 | 1 Dlink | 2 Dsl-2888a, Dsl-2888a Firmware | 2024-08-03 | 9.8 Critical |
| There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization. | ||||
| CVE-2021-33271 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-08-03 | 9.8 Critical |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request. | ||||
| CVE-2021-33268 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-08-03 | 9.8 Critical |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerability is triggered via a crafted POST request. | ||||