Filtered by vendor D-link
Subscribe
Total
279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6213 | 1 D-link | 2 Dir-620, Dir-620 Firmware | 2018-08-11 | 10.0 HIGH | 9.8 CRITICAL |
| In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account. | |||||
| CVE-2018-6211 | 1 D-link | 2 Dir-620, Dir-620 Firmware | 2018-08-11 | 9.0 HIGH | 7.2 HIGH |
| On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi. | |||||
| CVE-2018-6212 | 1 D-link | 2 Dir-620, Dir-620 Firmware | 2018-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of the XMLHttpRequest object. | |||||
| CVE-2018-8898 | 1 D-link | 2 Dsl-3782, Dsl-3782 Firmware | 2018-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel. | |||||
| CVE-2018-10996 | 1 D-link | 2 Dir-629-b, Dir-629-b Firmware | 2018-06-18 | 10.0 HIGH | 9.8 CRITICAL |
| The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable. | |||||
| CVE-2018-10957 | 1 D-link | 2 Dir-868l, Dir-868l Firmware | 2018-06-13 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components. | |||||
| CVE-2018-10713 | 1 D-link | 2 Dsl-3782, Dsl-3782 Firmware | 2018-06-12 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | |||||
| CVE-2018-10750 | 1 D-link | 2 Dsl-3782, Dsl-3782 Firmware | 2018-06-12 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | |||||
| CVE-2018-10749 | 1 D-link | 2 Dsl-3782, Dsl-3782 Firmware | 2018-06-12 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | |||||
| CVE-2018-10747 | 1 D-link | 2 Dsl-3782, Dsl-3782 Firmware | 2018-06-12 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | |||||
| CVE-2018-10746 | 1 D-link | 2 Dsl-3782, Dsl-3782 Firmware | 2018-06-12 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | |||||
| CVE-2018-10748 | 1 D-link | 2 Dsl-3782, Dsl-3782 Firmware | 2018-06-12 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | |||||
| CVE-2018-9284 | 1 D-link | 2 Dir-868l, Singapore Starhub Firmware | 2018-05-22 | 10.0 HIGH | 9.8 CRITICAL |
| authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code. | |||||
| CVE-2018-10110 | 1 D-link | 2 Dir-615 T1, Dir-615 T1 Firmware | 2018-05-21 | 3.5 LOW | 4.8 MEDIUM |
| D-Link DIR-615 T1 devices allow XSS via the Add User feature. | |||||
| CVE-2018-8941 | 1 D-link | 2 Dsl-3782, Dsl-3782 Firmware | 2018-05-21 | 9.0 HIGH | 8.8 HIGH |
| Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi. | |||||
| CVE-2015-0150 | 1 D-link | 2 Dir-815, Dir-815 Firmware | 2018-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2018-10108 | 1 D-link | 2 Dir-815, Dir-815 Firmware | 2018-05-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php. | |||||
| CVE-2018-10107 | 1 D-link | 2 Dir-815, Dir-815 Firmware | 2018-05-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php. | |||||
| CVE-2018-10106 | 1 D-link | 2 Dir-815, Dir-815 Firmware | 2018-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request. | |||||
| CVE-2015-0153 | 1 D-link | 2 Dir-815, Dir-815 Firmware | 2018-05-18 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key. | |||||