Filtered by vendor D-link
Total: 279 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6842 | 1 D-link | 2 Dch-m225, Dch-m225 Firmware | 2020-02-25 | 9.0 HIGH | 7.2 HIGH |
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. | |||||
CVE-2013-7051 | 1 D-link | 2 Dir-100, Dir-100 Firmware | 2020-02-04 | 6.8 MEDIUM | 8.8 HIGH |
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters | |||||
CVE-2013-7052 | 1 D-link | 2 Dir-100, Dir-100 Firmware | 2020-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script | |||||
CVE-2013-7055 | 1 D-link | 2 Dir-100, Dir-100 Firmware | 2020-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure | |||||
CVE-2013-7053 | 1 D-link | 2 Dir-100, Dir-100 Firmware | 2020-02-04 | 6.8 MEDIUM | 8.8 HIGH |
D-Link DIR-100 4.03B07: cli.cgi CSRF | |||||
CVE-2013-7054 | 1 D-link | 2 Dir-100, Dir-100 Firmware | 2020-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
D-Link DIR-100 4.03B07: cli.cgi XSS | |||||
CVE-2013-6811 | 1 D-link | 2 Dsl6740u, Dsl6740u Firmware | 2019-12-04 | 6.8 MEDIUM | 8.8 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings, (5) QoS Queue Setup, or (6) QoS Classification Entries. | |||||
CVE-2013-4855 | 1 D-link | 2 Dir-865l, Dir-865l Firmware | 2019-10-29 | 7.9 HIGH | 8.8 HIGH |
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. | |||||
CVE-2013-4856 | 1 D-link | 2 Dir-865l, Dir-865l Firmware | 2019-10-29 | 2.9 LOW | 6.5 MEDIUM |
D-Link DIR-865L has Information Disclosure. | |||||
CVE-2013-4857 | 1 D-link | 2 Dir-865l, Dir-865l Firmware | 2019-10-28 | 7.5 HIGH | 9.8 CRITICAL |
D-Link DIR-865L has PHP File Inclusion in the router xml file. | |||||
CVE-2017-3192 | 1 D-link | 4 Dir-130, Dir-130 Firmware, Dir-330 and 1 more | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through an authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device. | |||||
CVE-2017-3191 | 1 D-link | 4 Dir-130, Dir-130 Firmware, Dir-330 and 1 more | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials. | |||||
CVE-2017-3193 | 1 D-link | 2 Dir-850l, Dir-850l Firmware | 2019-10-09 | 8.3 HIGH | 8.8 HIGH |
Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. | |||||
CVE-2018-10968 | 1 D-link | 4 Dir-550a, Dir-550a Firmware, Dir-604m and 1 more | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability. | |||||
CVE-2018-12710 | 1 D-link | 2 Dir-601, Dir-601 Firmware | 2019-10-02 | 2.7 LOW | 8.0 HIGH |
An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML. | |||||
CVE-2017-14418 | 1 D-link | 2 Dir-850l, Dir-850l Firmware | 2019-10-02 | 4.3 MEDIUM | 8.1 HIGH |
The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services. | |||||
CVE-2018-17786 | 1 D-link | 2 Dir-823g, Dir-823g Firmware | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code. | |||||
CVE-2018-14081 | 1 D-link | 4 Dir-809, Dir-809 A1 Firmware, Dir-809 A2 Firmware and 1 more | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext. | |||||
CVE-2017-14423 | 1 D-link | 2 Dir-850l, Dir-850l Firmware | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests. | |||||
CVE-2018-10967 | 1 D-link | 4 Dir-550a, Dir-550a Firmware, Dir-604m and 1 more | 2019-10-02 | 9.0 HIGH | 8.8 HIGH |
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution. |