Filtered by vendor Dlink
Subscribe
Total
448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13787 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2021-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. | |||||
| CVE-2020-13784 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2021-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. | |||||
| CVE-2020-13783 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2021-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. | |||||
| CVE-2021-33269 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2021-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2021-33268 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2021-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2021-33270 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2021-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2021-33267 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2021-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2021-33274 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2021-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2021-33271 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2021-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2021-33266 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2021-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2021-33265 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2021-12-02 | 7.2 HIGH | 9.8 CRITICAL |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2021-42784 | 1 Dlink | 2 Dwr-932c, Dwr-932c E1 Firmware | 2021-11-29 | 10.0 HIGH | 9.8 CRITICAL |
| OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request. | |||||
| CVE-2021-42783 | 1 Dlink | 2 Dwr-932c, Dwr-932c E1 Firmware | 2021-11-29 | 10.0 HIGH | 9.8 CRITICAL |
| Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions. | |||||
| CVE-2017-7852 | 2 D-link, Dlink | 52 Dcs-2132l, Dcs-2132l Firmware, Dcs-2136l and 49 more | 2021-11-09 | 6.8 MEDIUM | 8.8 HIGH |
| D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1. | |||||
| CVE-2020-25368 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2021-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login. | |||||
| CVE-2020-25366 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2021-11-05 | 8.5 HIGH | 9.1 CRITICAL |
| An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors. | |||||
| CVE-2020-25367 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2021-11-05 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login. | |||||
| CVE-2019-17146 | 1 Dlink | 4 Dcs-935l, Dcs-935l Firmware, Dcs-960l and 1 more | 2021-10-29 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction request header, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8458. | |||||
| CVE-2021-40284 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2021-09-22 | 6.8 MEDIUM | 6.5 MEDIUM |
| D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter 'igmpsnoopEnable' via an HTTP request. | |||||
| CVE-2021-39509 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2021-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters. | |||||