Filtered by vendor Dlink
Subscribe
Total
1622 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4344 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-05-12 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability, which was classified as critical, was found in D-Link DIR-600L up to 2.07B01. This affects the function formLogin. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer.
|
|||||
| CVE-2024-52739 | 1 Dlink | 2 Di-8400, Di-8400 Firmware | 2025-05-09 | N/A | 8.0 HIGH |
|
D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters.
|
|||||
| CVE-2022-43184 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2025-05-08 | N/A | 9.8 CRITICAL |
|
D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi.
|
|||||
| CVE-2024-48629 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
|
|||||
| CVE-2024-48630 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
|
|||||
| CVE-2024-48168 | 1 Dlink | 2 Dcs-960l, Dcs-960l Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
|
A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code.
|
|||||
| CVE-2024-48632 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
|
|||||
| CVE-2024-48631 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
|
|||||
| CVE-2024-48633 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
|
|||||
| CVE-2024-48634 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
|
|||||
| CVE-2024-48635 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
|
|||||
| CVE-2024-48637 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
|
|||||
| CVE-2024-48636 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
|
|||||
| CVE-2024-48271 | 1 Dlink | 2 Dsl-6740c, Dsl-6740c Firmware | 2025-05-07 | N/A | 8.8 HIGH |
|
D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack.
|
|||||
| CVE-2024-48638 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
|
|||||
| CVE-2024-48272 | 1 Dlink | 2 Dsl-6740c, Dsl-6740c Firmware | 2025-05-07 | N/A | 6.5 MEDIUM |
|
D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wifi password, possibly allowing attackers to connect to the device via a bruteforce attack.
|
|||||
| CVE-2024-51023 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-05-07 | N/A | 8.8 HIGH |
|
D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2024-51024 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2024-51186 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions.
|
|||||
| CVE-2022-43003 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
|
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function.
|
|||||
| CVE-2022-43002 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
|
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54.
|
|||||
| CVE-2022-43001 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
|
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function.
|
|||||
| CVE-2022-43000 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
|
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4.
|
|||||
| CVE-2022-42999 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-07 | N/A | 7.5 HIGH |
|
D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm.
|
|||||
| CVE-2022-42998 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
|
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd.
|
|||||
| CVE-2020-21016 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
|
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.
|
|||||
| CVE-2017-14429 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-05-06 | 10.0 HIGH | 9.8 CRITICAL |
|
The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh.
|
|||||
| CVE-2022-43109 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-05-05 | N/A | 9.8 CRITICAL |
|
D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet.
|
|||||
| CVE-2024-27684 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-05-02 | N/A | 6.1 MEDIUM |
|
A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama.cgi in D-Link GORTAC750_A1_FW_v101b03 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
|
|||||
| CVE-2024-57684 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | N/A | 9.8 CRITICAL |
|
An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request.
|
|||||
| CVE-2024-57683 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | N/A | 4.3 MEDIUM |
|
An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the filter settings of the device via a crafted POST request.
|
|||||
| CVE-2024-57682 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | N/A | 6.5 MEDIUM |
|
An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request.
|
|||||
| CVE-2024-57681 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | N/A | 5.3 MEDIUM |
|
An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the agl service of the device via a crafted POST request.
|
|||||
| CVE-2024-57680 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | N/A | 5.3 MEDIUM |
|
An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request.
|
|||||
| CVE-2024-57679 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | N/A | 6.5 MEDIUM |
|
An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a crafted POST request.
|
|||||
| CVE-2024-57678 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | N/A | 6.5 MEDIUM |
|
An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a crafted POST request.
|
|||||
| CVE-2024-57677 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | N/A | 6.5 MEDIUM |
|
An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request.
|
|||||
| CVE-2024-57676 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | N/A | 6.5 MEDIUM |
|
An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request.
|
|||||
| CVE-2024-13102 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This vulnerability affects unknown code of the file /goform/DDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-13103 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||