Filtered by vendor Dlink
Subscriptions
Total
942 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-33266 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-08-03 | 9.8 Critical |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST request. | ||||
| CVE-2021-33265 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-08-03 | 9.8 Critical |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request. | ||||
| CVE-2021-33267 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-08-03 | 9.8 Critical |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST request. | ||||
| CVE-2021-33269 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-08-03 | 9.8 Critical |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vulnerability is triggered via a crafted POST request. | ||||
| CVE-2021-33270 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-08-03 | 9.8 Critical |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request. | ||||
| CVE-2021-33259 | 2 D-link, Dlink | 2 Dir-868lw Firmware, Dir-868lw | 2024-08-03 | 5.3 Medium |
| Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history. | ||||
| CVE-2021-33274 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-08-03 | 9.8 Critical |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request. | ||||
| CVE-2021-31326 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-08-03 | 9.8 Critical |
| D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi. | ||||
| CVE-2021-30072 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2024-08-03 | 9.8 Critical |
| An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication. | ||||
| CVE-2021-29379 | 1 Dlink | 2 Dir-802, Dir-802 Firmware | 2024-08-03 | 8.8 High |
| An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2021-29296 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2024-08-03 | 7.5 High |
| Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched | ||||
| CVE-2021-29295 | 1 Dlink | 2 Dsp-w215, Dsp-w215 Firmware | 2024-08-03 | 7.5 High |
| Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. It could be triggered by sending an HTTP request without URL in the start line directly to the device. NOTE: The DSP-W215 and all hardware revisions is considered End of Life and as such this issue will not be patched | ||||
| CVE-2021-29294 | 1 Dlink | 2 Dsl-2740r, Dsl-2740r Firmware | 2024-08-03 | 7.5 High |
| Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function. It could be triggered by sending crafted POST request to /HNAP1/. NOTE: The DSL-2740R and all hardware revisions are considered End of Life and as such this issue will not be patched | ||||
| CVE-2021-28840 | 1 Dlink | 18 Dap-2310, Dap-2310 Firmware, Dap-2330 and 15 more | 2024-08-03 | 7.5 High |
| Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_config function of sbin/httpd binary. When the binary handle the specific HTTP GET request, the content in upload_file variable is NULL in the upload_config function then the strncasecmp would take NULL as first argument, and incur the NULL pointer dereference vulnerability. | ||||
| CVE-2021-28838 | 1 Dlink | 18 Dap-2310, Dap-2310 Firmware, Dap-2330 and 15 more | 2024-08-03 | 7.5 High |
| Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi' operation when a specific network package are sent to the httpd binary. | ||||
| CVE-2021-28839 | 1 Dlink | 18 Dap-2310, Dap-2310 Firmware, Dap-2330 and 15 more | 2024-08-03 | 7.5 High |
| Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_certificate function of sbin/httpd binary. When the binary handle the specific HTTP GET request, the strrchr in the upload_certificate function would take NULL as first argument, and incur the NULL pointer dereference vulnerability. | ||||
| CVE-2021-28144 | 1 Dlink | 2 Dir-3060, Dir-3060 Firmware | 2024-08-03 | 8.8 High |
| prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely. | ||||
| CVE-2021-28143 | 1 Dlink | 2 Dir-841, Dir-841 Firmware | 2024-08-03 | 8.0 High |
| /jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools). | ||||
| CVE-2021-27342 | 1 Dlink | 2 Dir-842e, Dir-842e Firmware | 2024-08-03 | 5.9 Medium |
| An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack | ||||
| CVE-2021-27249 | 1 Dlink | 2 Dap-2020, Dap-2020 Firmware | 2024-08-03 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11369. | ||||