Filtered by vendor Dlink
Subscribe
Total
1359 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46562 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2025-04-15 | N/A | 7.2 HIGH |
| D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the PSK parameter in the SetQuickVPNSettings module. | |||||
| CVE-2022-46568 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2025-04-15 | N/A | 7.2 HIGH |
| D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the AccountPassword parameter in the SetSysEmailSettings module. | |||||
| CVE-2022-46569 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2025-04-15 | N/A | 7.2 HIGH |
| D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Key parameter in the SetWLanRadioSecurity module. | |||||
| CVE-2022-46641 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2025-04-15 | N/A | 9.9 CRITICAL |
| D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function. | |||||
| CVE-2023-44415 | 1 Dlink | 4 Dir-1260, Dir-1260 Firmware, Dir-2150 and 1 more | 2025-04-11 | N/A | 8.0 HIGH |
| D-Link Multiple Routers cli Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1260 and DIR-2150 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19946. | |||||
| CVE-2015-1187 | 2 Dlink, Trendnet | 30 Dir-626l, Dir-626l Firmware, Dir-636l and 27 more | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | |||||
| CVE-2018-6530 | 1 Dlink | 8 Dir-860l, Dir-860l Firmware, Dir-865l and 5 more | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. | |||||
| CVE-2019-17621 | 1 Dlink | 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. | |||||
| CVE-2019-16920 | 1 Dlink | 20 Dap-1533, Dap-1533 Firmware, Dhp-1565 and 17 more | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825. | |||||
| CVE-2021-45382 | 1 Dlink | 12 Dir-810l, Dir-810l Firmware, Dir-820l and 9 more | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched. | |||||
| CVE-2022-46475 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function. | |||||
| CVE-2022-46476 | 1 Dlink | 2 Dir-859 A1, Dir-859 A1 Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function. | |||||
| CVE-2025-29635 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-04-03 | N/A | N/A |
| A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution. | |||||
| CVE-2022-48108 | 1 Dlink | 2 Dir 878, Dir 878 Firmware | 2025-03-28 | N/A | 9.8 CRITICAL |
| D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | |||||
| CVE-2022-48107 | 1 Dlink | 2 Dir 878, Dir 878 Firmware | 2025-03-28 | N/A | 9.8 CRITICAL |
| D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | |||||
| CVE-2022-47035 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2025-03-27 | N/A | 9.8 CRITICAL |
| Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint. | |||||
| CVE-2022-46552 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2025-03-27 | N/A | 8.8 HIGH |
| D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request. | |||||
| CVE-2014-8361 | 3 Aterm, Dlink, Realtek | 51 W1200ex, W1200ex-ms, W1200ex-ms Firmware and 48 more | 2025-03-26 | 10.0 HIGH | 9.8 CRITICAL |
| The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. | |||||
| CVE-2025-2618 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2025-03-26 | N/A | N/A |
| A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-2619 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2025-03-26 | N/A | N/A |
| A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||