Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Dlink Subscribe
Total 448 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24351 2 D-link, Dlink 2 Dir-605l, Dir-605l Firmware 2023-02-21 N/A 9.8 CRITICAL
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin.
CVE-2023-24350 2 D-link, Dlink 2 Dir-605l, Dir-605l Firmware 2023-02-17 N/A 9.8 CRITICAL
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail.
CVE-2023-24352 2 D-link, Dlink 2 Dir-605l, Dir-605l Firmware 2023-02-17 N/A 9.8 CRITICAL
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS.
CVE-2023-24349 2 D-link, Dlink 2 Dir-605l, Dir-605l Firmware 2023-02-17 N/A 9.8 CRITICAL
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute.
CVE-2023-24348 2 D-link, Dlink 2 Dir-605l, Dir-605l Firmware 2023-02-17 N/A 9.8 CRITICAL
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter.
CVE-2023-24344 2 D-link, Dlink 2 Dir-605l, Dir-605l Firmware 2023-02-17 N/A 8.8 HIGH
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup.
CVE-2023-24347 2 D-link, Dlink 2 Dir-605l, Dir-605l Firmware 2023-02-16 N/A 8.8 HIGH
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus.
CVE-2023-24346 2 D-link, Dlink 2 Dir-605l, Dir-605l Firmware 2023-02-16 N/A 8.8 HIGH
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3.
CVE-2023-24345 2 D-link, Dlink 2 Dir-605l, Dir-605l Firmware 2023-02-16 N/A 8.8 HIGH
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus.
CVE-2023-24343 2 D-link, Dlink 2 Dir-605l, Dir-605l Firmware 2023-02-16 N/A 8.8 HIGH
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule.
CVE-2022-46552 1 Dlink 2 Dir-846, Dir-846 Firmware 2023-02-09 N/A 8.8 HIGH
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.
CVE-2022-47035 1 Dlink 2 Dir-825, Dir-825 Firmware 2023-02-07 N/A 9.8 CRITICAL
Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.
CVE-2022-48107 1 Dlink 2 Dir 878, Dir 878 Firmware 2023-02-07 N/A 9.8 CRITICAL
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-48108 1 Dlink 2 Dir 878, Dir 878 Firmware 2023-02-06 N/A 9.8 CRITICAL
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-40717 1 Dlink 2 Dir-2150, Dir-2150 Firmware 2023-02-03 N/A 8.8 HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15727.
CVE-2022-40720 1 Dlink 2 Dir-2150, Dir-2150 Firmware 2023-02-02 N/A 8.8 HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the router. Was ZDI-CAN-15935.
CVE-2022-41140 1 Dlink 6 Dir-867, Dir-867 Firmware, Dir-878 and 3 more 2023-02-02 N/A 8.8 HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796.
CVE-2022-40719 1 Dlink 2 Dir-2150, Dir-2150 Firmware 2023-02-02 N/A 8.8 HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd_generic.lua plugin for the xupnpd service, which listens on TCP port 4044 by default. When parsing the feed parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15906.
CVE-2022-40718 1 Dlink 2 Dir-2150, Dir-2150 Firmware 2023-02-02 N/A 8.8 HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15728.
CVE-2022-46476 1 Dlink 2 Dir-859 A1, Dir-859 A1 Firmware 2023-01-26 N/A 9.8 CRITICAL
D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function.