Filtered by vendor D-link
Subscribe
Total
279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17441 | 1 D-link | 1 Central Wifimanager | 2018-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS. | |||||
| CVE-2006-3687 | 1 D-link | 7 Di-524, Di-604 Broadband Router, Di-624 and 4 more | 2018-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. | |||||
| CVE-2006-2901 | 1 D-link | 1 Dwl-2100ap | 2018-10-18 | 5.0 MEDIUM | N/A |
| The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords. | |||||
| CVE-2006-2653 | 1 D-link | 1 Dsa-3100 Airspot Gateway | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter. | |||||
| CVE-2006-2337 | 1 D-link | 1 Dsl-g604t | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter. | |||||
| CVE-2006-0784 | 1 D-link | 1 Dwl-g700ap | 2018-10-18 | 5.0 MEDIUM | N/A |
| D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments. | |||||
| CVE-2006-6538 | 1 D-link | 1 Dwl-2000ap\+ | 2018-10-17 | 7.8 HIGH | N/A |
| D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link. | |||||
| CVE-2006-5537 | 1 D-link | 1 Dsl-g624t | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters. | |||||
| CVE-2006-5538 | 1 D-link | 1 Dsl-g624t | 2018-10-17 | 5.0 MEDIUM | N/A |
| D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request. | |||||
| CVE-2006-5536 | 1 D-link | 1 Dsl-g624t | 2018-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter. | |||||
| CVE-2008-4133 | 1 D-link | 1 Dir-100 | 2018-10-11 | 4.3 MEDIUM | N/A |
| The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters. | |||||
| CVE-2008-1253 | 1 D-link | 1 Dsl-g604t | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page. | |||||
| CVE-2008-1266 | 1 D-link | 1 Di-524 | 2018-10-11 | 7.8 HIGH | N/A |
| Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value. | |||||
| CVE-2008-1258 | 1 D-link | 1 Di-604 | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter. | |||||
| CVE-2010-2293 | 1 D-link | 1 Di-604 | 2018-10-10 | 6.8 MEDIUM | N/A |
| The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size. | |||||
| CVE-2010-2292 | 1 D-link | 1 Di-604 | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field. | |||||
| CVE-2015-5999 | 1 D-link | 2 Dir-816l, Dir-816l Firmware | 2018-10-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi. | |||||
| CVE-2014-7860 | 1 D-link | 4 Dns-320l, Dns-320l Firmware, Dns-327l and 1 more | 2018-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token. | |||||
| CVE-2014-7857 | 1 D-link | 14 Dnr-326, Dnr-326 Firmware, Dns-320b and 11 more | 2018-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin. | |||||
| CVE-2014-7858 | 1 D-link | 2 Dnr-326, Dnr-326 Firmware | 2018-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. | |||||