Filtered by vendor Dlink
Subscribe
Total
448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46475 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2023-01-23 | N/A | 9.8 CRITICAL |
| D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function. | |||||
| CVE-2019-17621 | 1 Dlink | 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more | 2023-01-20 | 10.0 HIGH | 9.8 CRITICAL |
| The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. | |||||
| CVE-2022-46642 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2022-12-30 | N/A | 9.9 CRITICAL |
| D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function. | |||||
| CVE-2022-46641 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2022-12-30 | N/A | 9.9 CRITICAL |
| D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function. | |||||
| CVE-2022-38873 | 1 Dlink | 18 Dap-2310, Dap-2310 Firmware, Dap-2330 and 15 more | 2022-12-29 | N/A | 7.5 HIGH |
| D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-3662 v1.05rc047 and earlier allows attackers to cause a Denial of Service (DoS) via uploading a crafted firmware after modifying the firmware header. | |||||
| CVE-2022-46076 | 1 Dlink | 4 Dir-869, Dir-869 Firmware, Dir-869ax and 1 more | 2022-12-29 | N/A | 7.5 HIGH |
| D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi. | |||||
| CVE-2022-44832 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2022-12-16 | N/A | 9.8 CRITICAL |
| D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function. | |||||
| CVE-2022-28958 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2022-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** D-Link DIR816L_FW206b01 was discovered to contain a remote code execution (RCE) vulnerability via the value parameter at shareport.php. NOTE: this has been disputed by a third party. | |||||
| CVE-2022-40799 | 1 Dlink | 2 Dnr-322l, Dnr-322l Firmware | 2022-12-01 | N/A | 8.8 HIGH |
| Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device. | |||||
| CVE-2022-44804 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2022-11-23 | N/A | 9.8 CRITICAL |
| D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function. | |||||
| CVE-2022-44806 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2022-11-23 | N/A | 9.8 CRITICAL |
| D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow. | |||||
| CVE-2022-44202 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2022-11-23 | N/A | 9.8 CRITICAL |
| D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow. | |||||
| CVE-2022-44807 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2022-11-23 | N/A | 9.8 CRITICAL |
| D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString. | |||||
| CVE-2022-44801 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2022-11-23 | N/A | 9.8 CRITICAL |
| D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. | |||||
| CVE-2022-44808 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2022-11-23 | N/A | 9.8 CRITICAL |
| A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability. | |||||
| CVE-2022-44201 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2022-11-23 | N/A | 9.8 CRITICAL |
| D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. | |||||
| CVE-2022-36785 | 1 Dlink | 2 G Integrated Access Device4, G Integrated Access Device4 Firmware | 2022-11-22 | N/A | 7.5 HIGH |
| D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A. The window.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ; "admin" – contains default username value "login.asp" B. While accessing the web interface, the login form at *Authorization Bypass – URL by "setupWizard.asp' while it blocks direct access to – the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a "login_glag" and "login_status" checking browser and to read the admin user credentials for the web interface. | |||||
| CVE-2022-36786 | 1 Dlink | 2 Dsl-224, Dsl-224 Firmware | 2022-11-22 | N/A | 9.9 CRITICAL |
| DLINK - DSL-224 Post-auth PCE. DLINK router has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router. | |||||
| CVE-2022-44204 | 1 Dlink | 2 Dir-3060, Dir-3060 Firmware | 2022-11-21 | N/A | 9.8 CRITICAL |
| D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. | |||||
| CVE-2018-20432 | 1 Dlink | 4 Covr-2600r, Covr-2600r Firmware, Covr-3902 and 1 more | 2022-11-16 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration. | |||||