Filtered by vendor Dlink
Subscribe
Total
448 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-44880 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | |||||
CVE-2021-40655 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page | |||||
CVE-2021-44882 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | |||||
CVE-2021-46314 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name. | |||||
CVE-2021-40654 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page | |||||
CVE-2021-41753 | 1 Dlink | 4 Dir-x1560, Dir-x1560 Firmware, Dir-x6060 and 1 more | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client via sending specific spoofed SAE authentication frames. | |||||
CVE-2020-29323 | 1 Dlink | 2 Dir-885l-mfc, Dir-885l-mfc Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
CVE-2020-29321 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
CVE-2021-44881 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | |||||
CVE-2022-32092 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2022-07-07 | 7.5 HIGH | 9.8 CRITICAL |
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. | |||||
CVE-2018-18907 | 1 Dlink | 2 Dir-850l, Dir-850l Firmare | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption. | |||||
CVE-2022-29778 | 1 Dlink | 2 Dir-890l, Dir-890l Firmware | 2022-06-14 | 6.5 MEDIUM | 8.8 HIGH |
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php. | |||||
CVE-2022-30521 | 1 Dlink | 2 Dir-890l, Dir-890l Firmware | 2022-06-13 | 10.0 HIGH | 9.8 CRITICAL |
The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. The attackers can exploit the vulnerability to carry out arbitrary code by means of sending a specially constructed payload to port 49152. | |||||
CVE-2022-28932 | 1 Dlink | 2 Dsl-g2452dg, Dsl-g2452dg Firmware | 2022-06-02 | 7.5 HIGH | 9.8 CRITICAL |
D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions. | |||||
CVE-2022-29332 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2022-05-26 | 4.0 MEDIUM | 6.5 MEDIUM |
D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server. | |||||
CVE-2022-28955 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php. | |||||
CVE-2022-28956 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload. | |||||
CVE-2022-29327 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. | |||||
CVE-2022-29328 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade. | |||||
CVE-2022-29329 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings. |