Filtered by vendor Dlink Subscriptions
Filtered by product Dir-825 Firmware Subscriptions
Total 11 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-0717 1 Dlink 88 Dap-1360, Dap-1360 Firmware, Dir-1210 and 85 more 2024-11-21 5.3 Medium
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.
CVE-2022-47035 1 Dlink 2 Dir-825, Dir-825 Firmware 2024-11-21 9.8 Critical
Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.
CVE-2022-29332 1 Dlink 2 Dir-825, Dir-825 Firmware 2024-11-21 6.5 Medium
D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server.
CVE-2021-46442 1 Dlink 2 Dir-825, Dir-825 Firmware 2024-11-21 9.8 Critical
In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization.
CVE-2021-46441 1 Dlink 2 Dir-825, Dir-825 Firmware 2024-11-21 8.8 High
In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization.
CVE-2021-29296 1 Dlink 2 Dir-825, Dir-825 Firmware 2024-11-21 7.5 High
Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched
CVE-2020-10216 2 Dlink, Trendnet 4 Dir-825, Dir-825 Firmware, Tew-632brp and 1 more 2024-11-21 8.8 High
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
CVE-2020-10215 2 Dlink, Trendnet 4 Dir-825, Dir-825 Firmware, Tew-632brp and 1 more 2024-11-21 8.8 High
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
CVE-2020-10214 1 Dlink 2 Dir-825, Dir-825 Firmware 2024-11-21 8.8 High
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server.
CVE-2020-10213 2 Dlink, Trendnet 4 Dir-825, Dir-825 Firmware, Tew-632brp and 1 more 2024-11-21 8.8 High
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
CVE-2019-16920 1 Dlink 20 Dap-1533, Dap-1533 Firmware, Dhp-1565 and 17 more 2024-11-21 9.8 Critical
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.