Search Results (621 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3347 1 D-link 1 Dir-400 2026-04-23 N/A
Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2008-1253 1 D-link 1 Dsl-g604t 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page.
CVE-2006-5537 1 D-link 1 Dsl-g624t 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters.
CVE-2006-6055 1 D-link 1 Dwl-g132 2026-04-23 N/A
Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE).
CVE-2007-0933 2 D-link, Microsoft 2 Dwl-g650\+, Windows Xp 2026-04-23 N/A
Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element.
CVE-2007-3348 1 D-link 2 Dph-540, Dph-541 2026-04-23 N/A
The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message.
CVE-2006-5536 1 D-link 1 Dsl-g624t 2026-04-23 N/A
Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.
CVE-2008-4133 1 D-link 1 Dir-100 2026-04-23 N/A
The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.
CVE-2006-5538 1 D-link 1 Dsl-g624t 2026-04-23 N/A
D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request.
CVE-2007-3347 1 D-link 2 Dph-540, Dph-541 2026-04-23 N/A
The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.
CVE-2026-4188 1 D-link 1 Dir-619l 2026-04-22 8.8 High
A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-50666 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /web_post.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, user_id, log, and time.
CVE-2025-50665 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /web_keyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, mem_gb2312, and mem_utf8 parameters.
CVE-2025-50662 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_group.asp endpoint.
CVE-2025-50661 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /url_rule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log.
CVE-2025-50660 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_member.asp endpoint.
CVE-2025-50659 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the custom_error parameter in the /user.asp endpoint.
CVE-2025-50654 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thd_member.asp endpoint.
CVE-2025-50648 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint.
CVE-2025-50644 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of user input in the qj.asp endpoint.