Filtered by vendor D-link
Subscribe
Total
279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1650 | 1 D-link | 1 Dcs-900 Internet Camera | 2017-07-10 | 7.5 HIGH | N/A |
| D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet. | |||||
| CVE-2004-0661 | 1 D-link | 3 Di-604, Di-614\+, Di-624 | 2017-07-10 | 5.0 MEDIUM | N/A |
| Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years. | |||||
| CVE-2004-0615 | 1 D-link | 3 Di-614\+, Di-624, Di-704p | 2017-07-10 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request. | |||||
| CVE-2017-9542 | 1 D-link | 2 Dir-615, Dir-615 Firmware | 2017-06-22 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device. | |||||
| CVE-2015-7247 | 1 D-link | 2 Dvg-n5402sp, Dvg-n5402sp Firmware | 2017-04-28 | 7.8 HIGH | 9.8 CRITICAL |
| D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2015-7246 | 1 D-link | 2 Dvg-n5402sp, Dvg-n5402sp Firmware | 2017-04-28 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. | |||||
| CVE-2015-7245 | 1 D-link | 2 Dvg-n5402sp, Dvg-n5402sp Firmware | 2017-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter. | |||||
| CVE-2016-1559 | 1 D-link | 6 Dap-1353 H\/w B1, Dap-1353 H\/w B1 Firmware, Dap-2553 H\/w A1 and 3 more | 2017-04-28 | 2.6 LOW | 8.1 HIGH |
| D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP. | |||||
| CVE-2016-1558 | 1 D-link | 20 Dap-2230, Dap-2230 Firmware, Dap-2310 and 17 more | 2017-04-27 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie. | |||||
| CVE-2017-5874 | 1 D-link | 2 Dir-600m, Dir-600m Firmware | 2017-03-23 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. | |||||
| CVE-2015-2050 | 1 D-link | 2 Dap-1320, Dap-1320 Firmware | 2017-03-23 | 10.0 HIGH | N/A |
| D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2017-5633 | 1 D-link | 2 Di-524, Di-524 Firmware | 2017-03-09 | 8.5 HIGH | 8.0 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs. | |||||
| CVE-2017-6411 | 2 D-link, Dlink | 2 Dsl-2730u, Dsl-2730u Firmware | 2017-03-07 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. | |||||
| CVE-2016-10125 | 1 D-link | 13 Dgs-1100-05, Dgs-1100-05pd, Dgs-1100-08 and 10 more | 2017-01-12 | 6.8 MEDIUM | 8.1 HIGH |
| D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. | |||||
| CVE-2015-2051 | 1 D-link | 2 Dir-645, Dir-645 Firmware | 2016-12-30 | 10.0 HIGH | N/A |
| The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | |||||
| CVE-2015-2052 | 1 D-link | 2 Dir-645, Dir-645 Firmware | 2016-12-30 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface. | |||||
| CVE-2013-7389 | 1 D-link | 2 Dir-645, Dir-645 Firmware | 2016-12-30 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php. | |||||
| CVE-2016-5681 | 1 D-link | 20 Dir-817l\(w\), Dir-817l\(w\) Firmware, Dir-818l\(w\) and 17 more | 2016-11-28 | 9.3 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie. | |||||
| CVE-2005-1827 | 1 D-link | 1 Dsl-504t | 2016-10-17 | 7.5 HIGH | N/A |
| D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg. | |||||
| CVE-2005-1828 | 1 D-link | 1 Dsl-504t | 2016-10-17 | 7.5 HIGH | N/A |
| D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. | |||||