Filtered by vendor Dlink Subscriptions
Total 1034 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-15516 1 Dlink 1 Central Wifimanager 2024-11-21 N/A
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.
CVE-2018-15515 1 Dlink 1 Central Wifimanager 2024-11-21 N/A
The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.
CVE-2018-14081 2 D-link, Dlink 4 Dir-809 A1 Firmware, Dir-809 A2 Firmware, Dir-809 Guestzone Firmware and 1 more 2024-11-21 N/A
An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext.
CVE-2018-14080 2 D-link, Dlink 4 Dir-809 A1 Firmware, Dir-809 A2 Firmware, Dir-809 Guestzone Firmware and 1 more 2024-11-21 N/A
An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file.
CVE-2018-12710 1 Dlink 2 Dir-601, Dir-601 Firmware 2024-11-21 N/A
An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML.
CVE-2018-12103 2 D-link, Dlink 6 Dir-885\/r, Dir-885l\/r Firmware, Dir-895\/r and 3 more 2024-11-21 N/A
An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point.
CVE-2018-11013 2 D-link, Dlink 2 Dir-816 A2 Firmware, Dir-816 A2 2024-11-21 N/A
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.
CVE-2018-10968 2 D-link, Dlink 4 Dir-550a Firmware, Dir-604m Firmware, Dir-550a and 1 more 2024-11-21 N/A
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability.
CVE-2018-10967 2 D-link, Dlink 4 Dir-550a Firmware, Dir-604m Firmware, Dir-550a and 1 more 2024-11-21 N/A
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution.
CVE-2018-10957 1 Dlink 2 Dir-868l, Dir-868l Firmware 2024-11-21 N/A
CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components.
CVE-2018-10824 1 Dlink 15 Dir-140l, Dir-140l Firmware, Dir-640l and 12 more 2024-11-21 9.8 Critical
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access.
CVE-2018-10823 1 Dlink 8 Dwr-111, Dwr-111 Firmware, Dwr-116 and 5 more 2024-11-21 8.8 High
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.
CVE-2018-10822 1 Dlink 15 Dir-140l, Dir-140l Firmware, Dir-640l and 12 more 2024-11-21 7.5 High
Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.
CVE-2018-10750 2 D-link, Dlink 2 Dsl-3782 Firmware, Dsl-3782 2024-11-21 N/A
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
CVE-2018-10749 2 D-link, Dlink 2 Dsl-3782 Firmware, Dsl-3782 2024-11-21 N/A
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
CVE-2018-10748 2 D-link, Dlink 2 Dsl-3782 Firmware, Dsl-3782 2024-11-21 N/A
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
CVE-2018-10747 2 D-link, Dlink 2 Dsl-3782 Firmware, Dsl-3782 2024-11-21 N/A
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
CVE-2018-10746 2 D-link, Dlink 2 Dsl-3782 Firmware, Dsl-3782 2024-11-21 N/A
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
CVE-2018-10713 2 D-link, Dlink 2 Dsl-3782 Firmware, Dsl-3782 2024-11-21 N/A
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
CVE-2018-10641 1 Dlink 2 Dir-600l, Dir-601 Firmware 2024-11-21 N/A
D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext.