Filtered by vendor Dlink
Subscriptions
Total
1119 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-20500 | 1 Dlink | 2 Dwl-2600ap, Dwl-2600ap Firmware | 2025-03-14 | 7.8 High |
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. | ||||
CVE-2013-5223 | 1 Dlink | 2 Dsl-2760u, Dsl-2760u Firmware | 2025-03-14 | 5.4 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl. | ||||
CVE-2016-20017 | 1 Dlink | 2 Dsl-2750b, Dsl-2750b Firmware | 2025-03-14 | 9.8 Critical |
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. | ||||
CVE-2011-4723 | 1 Dlink | 1 Dir-300 | 2025-03-14 | 5.7 Medium |
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | ||||
CVE-2016-11021 | 1 Dlink | 2 Dcs-930l, Dcs-930l Firmware | 2025-03-14 | 7.2 High |
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter. | ||||
CVE-2019-16057 | 1 Dlink | 2 Dns-320, Dns-320 Firmware | 2025-03-14 | 9.8 Critical |
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. | ||||
CVE-2020-29557 | 1 Dlink | 6 Dir-825, Dir-825\/a, Dir-825\/ac and 3 more | 2025-03-14 | 9.8 Critical |
An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution. | ||||
CVE-2020-9377 | 1 Dlink | 2 Dir-610, Dir-610 Firmware | 2025-03-14 | 8.8 High |
D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
CVE-2020-25506 | 1 Dlink | 2 Dns-320, Dns-320 Firmware | 2025-03-14 | 9.8 Critical |
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution. | ||||
CVE-2023-34282 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | 8.8 High |
D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. A crafted authentication header can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20910. | ||||
CVE-2023-34281 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | 8.0 High |
D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20561. | ||||
CVE-2023-34280 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | 8.0 High |
D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20559. | ||||
CVE-2023-34279 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | 8.8 High |
D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20558. | ||||
CVE-2023-34278 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | 8.0 High |
D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20556. | ||||
CVE-2023-34277 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | 8.0 High |
D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20555. | ||||
CVE-2023-34276 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | 8.0 High |
D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20554. | ||||
CVE-2023-34275 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | 8.0 High |
D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20553. | ||||
CVE-2023-34274 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | 8.8 High |
D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. A crafted login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20552. | ||||
CVE-2022-26258 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2025-03-13 | 9.8 Critical |
D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. | ||||
CVE-2021-40655 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-03-12 | 7.5 High |
An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page |