Filtered by vendor Dlink
Subscribe
Total
448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25079 | 1 Dlink | 4 Dcs-2530l, Dcs-2530l Firmware, Dcs-2670l and 1 more | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection. | |||||
| CVE-2020-18568 | 1 Dlink | 4 Dsr-1000n, Dsr-1000n Firmware, Dsr-250 and 1 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution. | |||||
| CVE-2019-20213 | 1 Dlink | 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. | |||||
| CVE-2019-12787 | 1 Dlink | 2 Dir-818lw, Dir-818lw Firmware | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key. | |||||
| CVE-2019-12768 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing. | |||||
| CVE-2021-34827 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2021-07-20 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12029. | |||||
| CVE-2021-34828 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2021-07-20 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12066. | |||||
| CVE-2021-34829 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2021-07-20 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12065. | |||||
| CVE-2021-34830 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2021-07-20 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12028. | |||||
| CVE-2021-34204 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2021-06-28 | 7.2 HIGH | 6.8 MEDIUM |
| D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges. | |||||
| CVE-2021-34201 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2021-06-24 | 3.6 LOW | 7.1 HIGH |
| D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes. | |||||
| CVE-2021-34202 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2021-06-23 | 7.2 HIGH | 7.8 HIGH |
| There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remote code execution. | |||||
| CVE-2020-29324 | 1 Dlink | 2 Dir-895l Mfc, Dir-895l Mfc Firmware | 2021-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
| CVE-2021-27342 | 1 Dlink | 2 Dir-842e, Dir-842e Firmware | 2021-05-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack | |||||
| CVE-2021-20696 | 1 Dlink | 2 Dap-1880ac, Dap-1880ac Firmware | 2021-05-03 | 9.0 HIGH | 8.8 HIGH |
| DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program. | |||||
| CVE-2021-20697 | 1 Dlink | 2 Dap-1880ac, Dap-1880ac Firmware | 2021-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors. | |||||
| CVE-2013-1599 | 1 Dlink | 34 Dcs-1100, Dcs-1100 Firmware, Dcs-1100l and 31 more | 2021-04-27 | 10.0 HIGH | 9.8 CRITICAL |
| A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface. | |||||
| CVE-2017-8411 | 1 Dlink | 2 Dcs-1130, Dcs-1130 Firmware | 2021-04-26 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archive which contains the filesystem set up on the device that contains all the binaries. The library "libmailutils.so" is the one that has the vulnerable function "sub_1FC4" that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows an ARM little endian format. The function sub_1FC4 in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter "receiver1" is extracted in function "sub_15AC" which is then passed to the vulnerable system API call. The vulnerable library function is accessed in "cgibox" binary at address 0x00023BCC which calls the "Send_mail" function in "libmailutils.so" binary as shown below which results in the vulnerable POST parameter being passed to the library which results in the command injection issue. | |||||
| CVE-2017-8404 | 1 Dlink | 2 Dcs-1130, Dcs-1130 Firmware | 2021-04-26 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archive which contains the filesystem set up on the device that contains all the binaries. The library "libmailutils.so" is the one that has the vulnerable function "sub_1FC4" that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows an ARM little endian format. The function sub_1FC4 in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter "receiver1" is extracted in function "sub_15AC" which is then passed to the vulnerable system API call. The vulnerable library function is accessed in "cgibox" binary at address 0x0008F598 which calls the "mailLoginTest" function in "libmailutils.so" binary as shown below which results in the vulnerable POST parameter being passed to the library which results in the command injection issue. | |||||
| CVE-2017-8412 | 1 Dlink | 4 Dcs-1100, Dcs-1100 Firmware, Dcs-1130 and 1 more | 2021-04-26 | 5.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom binary called mp4ts under the /var/www/video folder. It seems that this binary dumps the HTTP VERB in the system logs. As a part of doing that it retrieves the HTTP VERB sent by the user and uses a vulnerable sprintf function at address 0x0000C3D4 in the function sub_C210 to copy the value into a string and then into a log file. Since there is no bounds check being performed on the environment variable at address 0x0000C360 this results in a stack overflow and overwrites the PC register allowing an attacker to execute buffer overflow or even a command injection attack. | |||||