Vulnerabilities (CVE)

Filtered by vendor Dlink Subscribe
Total 950 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-37055 1 Dlink 2 Go-rt-ac750, Go-rt-ac750 Firmware 2024-11-21 N/A 9.8 CRITICAL
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,
CVE-2022-36786 1 Dlink 2 Dsl-224, Dsl-224 Firmware 2024-11-21 N/A 9.9 CRITICAL
DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router.
CVE-2022-36785 1 Dlink 2 G Integrated Access Device4, G Integrated Access Device4 Firmware 2024-11-21 N/A 7.5 HIGH
D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A. The window.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ; "admin" – contains default username value "login.asp" B. While accessing the web interface, the login form at *Authorization Bypass – URL by "setupWizard.asp' while it blocks direct access to – the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a "login_glag" and "login_status" checking browser and to read the admin user credentials for the web interface.
CVE-2022-36756 1 Dlink 2 Dir-845l, Dir-845l Firmware 2024-11-21 N/A 9.8 CRITICAL
DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php.
CVE-2022-36755 1 Dlink 2 Dir-845l, Dir-845l Firmware 2024-11-21 N/A 9.8 CRITICAL
D-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php.
CVE-2022-36620 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 N/A 7.5 HIGH
D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting.
CVE-2022-36619 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 N/A 7.5 HIGH
In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC.
CVE-2022-36588 1 Dlink 2 Dap-1650, Dap-1650 Firmware 2024-11-21 N/A 9.8 CRITICAL
In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow vulnerability caused by strncpy.
CVE-2022-36526 1 Dlink 2 Go-rt-ac750, Go-rt-ac750 Firmware 2024-11-21 N/A 7.5 HIGH
D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin.
CVE-2022-36525 1 Dlink 2 Go-rt-ac750, Go-rt-ac750 Firmware 2024-11-21 N/A 9.8 CRITICAL
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Buffer Overflow via authenticationcgi_main.
CVE-2022-36524 1 Dlink 2 Go-rt-ac750, Go-rt-ac750 Firmware 2024-11-21 N/A 7.5 HIGH
D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static Default Credentials via /etc/init0.d/S80telnetd.sh.
CVE-2022-36523 1 Dlink 2 Go-rt-ac750, Go-rt-ac750 Firmware 2024-11-21 N/A 9.8 CRITICAL
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to command injection via /htdocs/upnpinc/gena.php.
CVE-2022-35620 1 Dlink 2 Dir-818l, Dir-818l Firmware 2024-11-21 N/A 9.8 CRITICAL
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main.
CVE-2022-35619 1 Dlink 2 Dir-818l, Dir-818l Firmware 2024-11-21 N/A 9.8 CRITICAL
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main.
CVE-2022-35192 1 Dlink 2 Dsl-3782, Dsl-3782 Firmware 2024-11-21 N/A 7.5 HIGH
D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp.
CVE-2022-35191 1 Dlink 2 Dsl-3782, Dsl-3782 Firmware 2024-11-21 N/A 6.5 MEDIUM
D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request.
CVE-2022-34974 1 Dlink 2 Dir820la1, Dir820la1 Firmware 2024-11-21 N/A 9.8 CRITICAL
D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function.
CVE-2022-34973 1 Dlink 2 Dir820la1, Dir820la1 Firmware 2024-11-21 N/A 7.5 HIGH
D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp.
CVE-2022-34528 1 Dlink 2 Dsl-3782, Dsl-3782 Firmware 2024-11-21 N/A 8.8 HIGH
D-Link DSL-3782 v1.03 and below was discovered to contain a stack overflow via the function getAttrValue.
CVE-2022-34527 1 Dlink 2 Dsl-3782, Dsl-3782 Firmware 2024-11-21 N/A 8.8 HIGH
D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160.