Filtered by vendor Dlink Subscriptions
Total 1034 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-10179 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2024-11-21 7.5 High
An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.
CVE-2016-10178 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2024-11-21 9.8 Critical
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.
CVE-2016-10177 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2024-11-21 9.8 Critical
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234.
CVE-2016-10125 1 Dlink 13 Dgs-1100-05, Dgs-1100-05pd, Dgs-1100-08 and 10 more 2024-11-21 N/A
D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session.
CVE-2015-7247 2 D-link, Dlink 2 Dvg-n5402sp Firmware, Dvg-n5402sp 2024-11-21 N/A
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.
CVE-2015-7246 2 D-link, Dlink 2 Dvg-n5402sp Firmware, Dvg-n5402sp 2024-11-21 N/A
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.
CVE-2015-7245 2 D-link, Dlink 2 Dvg-n5402sp Firmware, Dvg-n5402sp 2024-11-21 N/A
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
CVE-2015-5999 1 Dlink 2 Dir-816l, Dir-816l Firmware 2024-11-21 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.
CVE-2015-2052 1 Dlink 2 Dir-645, Dir-645 Firmware 2024-11-21 N/A
Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface.
CVE-2015-2051 1 Dlink 2 Dir-645, Dir-645 Firmware 2024-11-21 9.8 Critical
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
CVE-2015-2050 1 Dlink 2 Dap-1320, Dap-1320 Firmware 2024-11-21 N/A
D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands via unspecified vectors.
CVE-2015-2049 1 Dlink 2 Dcs-931l, Dcs-931l Firmware 2024-11-21 N/A
Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.
CVE-2015-2048 1 Dlink 2 Dcs-931l, Dcs-931l Firmware 2024-11-21 N/A
Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-1187 2 Dlink, Trendnet 30 Dir-626l, Dir-626l Firmware, Dir-636l and 27 more 2024-11-21 9.8 Critical
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
CVE-2015-1028 1 Dlink 2 Dsl-2730b, Dsl-2730b Firmware 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
CVE-2015-0153 1 Dlink 2 Dir-815, Dir-815 Firmware 2024-11-21 N/A
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key.
CVE-2015-0152 1 Dlink 2 Dir-815, Dir-815 Firmware 2024-11-21 N/A
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password.
CVE-2015-0151 1 Dlink 2 Dir-815, Dir-815 Firmware 2024-11-21 N/A
Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2015-0150 1 Dlink 2 Dir-815, Dir-815 Firmware 2024-11-21 N/A
The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2014-9517 1 Dlink 2 Dcs-2103, Dcs-2103 Firmware 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm.