Filtered by vendor Dlink
Subscribe
Total
1359 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33346 | 1 Dlink | 2 Dsl-2888a, Dsl-2888a Firmware | 2022-07-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization. | |||||
| CVE-2020-29323 | 1 Dlink | 2 Dir-885l-mfc, Dir-885l-mfc Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
| CVE-2021-46314 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name. | |||||
| CVE-2021-26810 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser parameter. | |||||
| CVE-2021-20694 | 1 Dlink | 2 Dap-1880ac, Dap-1880ac Firmware | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors. | |||||
| CVE-2021-44882 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | |||||
| CVE-2018-18907 | 1 Dlink | 2 Dir-850l, Dir-850l Firmare | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption. | |||||
| CVE-2021-28143 | 1 Dlink | 2 Dir-841, Dir-841 Firmware | 2022-06-28 | 7.7 HIGH | 8.0 HIGH |
| /jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools). | |||||
| CVE-2021-28144 | 1 Dlink | 2 Dir-3060, Dir-3060 Firmware | 2022-06-28 | 9.0 HIGH | 8.8 HIGH |
| prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely. | |||||
| CVE-2020-25367 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login. | |||||
| CVE-2020-25368 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login. | |||||
| CVE-2022-29332 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2022-05-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server. | |||||
| CVE-2022-28955 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php. | |||||
| CVE-2022-28956 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload. | |||||
| CVE-2022-29327 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. | |||||
| CVE-2022-29329 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings. | |||||
| CVE-2022-29328 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade. | |||||
| CVE-2022-29326 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. | |||||
| CVE-2022-29324 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. | |||||
| CVE-2022-29325 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. | |||||