Filtered by vendor Dlink Subscriptions
Total 1016 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-33343 1 Dlink 1 Dir-822 Firmware 2024-08-02 8.8 High
D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.
CVE-2024-27662 1 Dlink 1 Dir-823 Firmware 2024-08-02 6.5 Medium
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-27657 1 Dlink 1 Dir-823 Firmware 2024-08-02 8.8 High
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.
CVE-2024-27658 1 Dlink 1 Dir-823 Firmware 2024-08-02 6.5 Medium
D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-27661 1 Dlink 1 Dir-823 Firmware 2024-08-02 6.5 Medium
D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-27659 1 Dlink 1 Dir-823 Firmware 2024-08-02 6.5 Medium
D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-27656 1 Dlink 1 Dir-823 Firmware 2024-08-02 8.8 High
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.
CVE-2024-24321 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-01 9.8 Critical
An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.
CVE-2024-23624 1 Dlink 2 Dap-1650, Dap-1650 Firmware 2024-08-01 9.6 Critical
A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.
CVE-2024-23625 1 Dlink 2 Dap-1650, Dap-1650 Firmware 2024-08-01 9.6 Critical
A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.
CVE-2024-22751 1 Dlink 2 Dir-882 A1, Dir-882 A1 Firmware 2024-08-01 9.8 Critical
D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function.
CVE-2024-22852 1 Dlink 2 Go-rt-ac750, Go-rt-ac750 Firmware 2024-08-01 9.8 Critical
D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload.
CVE-2024-22853 1 Dlink 2 Go-rt-ac750, Go-rt-ac750 Firmware 2024-08-01 9.8 Critical
D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.
CVE-2024-6525 1 Dlink 2 Dar-7000, Dar-7000 Firmware 2024-08-01 2.7 Low
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270368. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-6045 1 Dlink 15 E15 Firmware, E30 Firmware, G403 Firmware and 12 more 2024-08-01 8.8 High
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.
CVE-2024-0717 1 Dlink 88 Dap-1360, Dap-1360 Firmware, Dir-1210 and 85 more 2024-08-01 5.3 Medium
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.