Filtered by vendor Dlink Subscriptions
Total 1034 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-15909 1 Dlink 2 Dgs-1500, Dgs-1500 Firmware 2024-11-21 N/A
D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access.
CVE-2017-14948 1 Dlink 12 Dir-868l, Dir-868l Firmware, Dir-880l and 9 more 2024-11-21 9.8 Critical
Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution.
CVE-2017-14430 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 7.5 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic.
CVE-2017-14429 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 9.8 Critical
The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh.
CVE-2017-14428 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 7.8 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions.
CVE-2017-14427 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 7.8 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.
CVE-2017-14426 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 7.8 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions.
CVE-2017-14425 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 7.8 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions.
CVE-2017-14424 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 7.8 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.
CVE-2017-14423 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 7.5 High
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests.
CVE-2017-14422 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 7.5 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
CVE-2017-14421 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 9.8 Critical
D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session.
CVE-2017-14420 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 5.9 Medium
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-14419 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 5.9 Medium
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established.
CVE-2017-14418 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 8.1 High
The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services.
CVE-2017-14417 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 9.8 Critical
register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.
CVE-2017-14416 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 6.1 Medium
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php.
CVE-2017-14415 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 6.1 Medium
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php.
CVE-2017-14414 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 6.1 Medium
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php.
CVE-2017-14413 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 6.1 Medium
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php.