Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor D-link Subscribe
Total 279 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-1680 1 D-link 4 Dsl-502t, Dsl-504t, Dsl-562t and 1 more 2016-10-17 7.5 HIGH N/A
D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address.
CVE-2002-1069 1 D-link 1 Di-804 2016-10-17 5.0 MEDIUM N/A
The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Information.
CVE-2002-1068 1 D-link 1 Dp-303 2016-10-17 5.0 MEDIUM N/A
The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request.
CVE-2014-9517 1 D-link 2 Dcs-2103 Hd Cube Network Camera, Dcs-2103 Hd Cube Network Camera Firmware 2016-09-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm.
CVE-2014-3936 1 D-link 6 Dir-505l Shareport Mobile Companion, Dir505 Shareport Mobile Companion, Dir505 Shareport Mobile Companion Firmware and 3 more 2015-10-08 10.0 HIGH N/A
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.
CVE-2014-3872 1 D-link 2 Dap-1350, Dap-1350 Firmware 2015-09-29 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.
CVE-2014-4645 1 D-link 1 Dsl-2760u-e1 2015-09-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname.
CVE-2012-4046 1 D-link 2 Dcs-932l, Dcs-932l Firmware 2015-03-18 3.3 LOW N/A
The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.
CVE-2015-2048 1 D-link 2 Dcs-931l, Dcs-931l Firmware 2015-02-24 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-1028 1 D-link 2 Dsl-2730b, Dsl-2730b Firmware 2015-01-26 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
CVE-2014-10028 1 D-link 2 Dap-1360, Dap-1360 Firmware 2015-01-13 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41.
CVE-2014-10026 1 D-link 2 Dap-1360, Dap-1360 Firmware 2015-01-13 5.0 MEDIUM N/A
index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin.
CVE-2014-10025 1 D-link 2 Dap-1360, Dap-1360 Firmware 2015-01-13 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi.
CVE-2014-10027 1 D-link 2 Dap-1360, Dap-1360 Firmware 2015-01-13 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi.
CVE-2014-9518 1 D-link 2 Dir-655, Dir-655 Firmware 2015-01-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter.
CVE-2014-9234 1 D-link 2 Dcs-2103 Hd Cube Network Camera, Dcs-2103 Hd Cube Network Camera Firmware 2014-12-05 5.0 MEDIUM N/A
Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2014-4927 3 Acme, D-link, Netgear 5 Micro Httpd, Dsl2740u, Dsl2750u and 2 more 2014-07-25 7.8 HIGH N/A
Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.
CVE-2011-4821 1 D-link 2 Dir-601, Dir-601 Firmware 2014-06-23 5.0 MEDIUM N/A
Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2014-3761 1 D-link 2 Dap 1150, Dap 1150 Firmware 2014-05-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi in the Control/URL-filter section.
CVE-2014-3760 1 D-link 2 Dap 1150, Dap 1150 Firmware 2014-05-16 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable the DMZ in the Firewall/DMZ section via a request to index.cgi or (3) add, (4) modify, or (5) delete URL-filter settings in the Control/URL-filter section via a request to index.cgi, as demonstrated by adding a rule that blocks access to google.com.