Vulnerabilities (CVE)

Filtered by vendor Dlink
Total 950 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-14415 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php.
CVE-2017-14414 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php.
CVE-2017-14413 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php.
CVE-2017-12943 1 Dlink 2 Dir-600 B1, Dir-600 B1 Firmware 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.
CVE-2017-11564 1 Dlink 2 Eyeon Baby Monitor, Eyeon Baby Monitor Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. An attacker can forge malicious HTTP requests to execute commands; authentication is required before executing the attack.
CVE-2017-11563 1 Dlink 2 Eyeon Baby Monitor, Eyeon Baby Monitor Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to cause a stack overflow and execute arbitrary code with root privilege on the device.
CVE-2017-11436 1 Dlink 1 Dir-615 2024-11-21 7.5 HIGH 9.8 CRITICAL
D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection.
CVE-2017-10676 2 D-link, Dlink 2 Dir-600m Firmware, Dir-600m 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter.
CVE-2016-6563 1 Dlink 18 Dir-818l(w), Dir-818l(w) Firmware, Dir-822 and 15 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.
CVE-2016-5681 2 D-link, Dlink 20 Dir-817l(w) Firmware, Dir-818l(w) Firmware, Dir-823 Firmware and 17 more 2024-11-21 9.3 HIGH 9.8 CRITICAL
Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie.
CVE-2016-20017 1 Dlink 2 Dsl-2750b, Dsl-2750b Firmware 2024-11-21 N/A 9.8 CRITICAL
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.
CVE-2016-1559 2 D-link, Dlink 6 Dap-1353 H/w B1 Firmware, Dap-2553 H/w A1 Firmware, Dap-3520 H/w A1 Firmware and 3 more 2024-11-21 2.6 LOW 8.1 HIGH
D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP.
CVE-2016-1558 1 Dlink 20 Dap-2230, Dap-2230 Firmware, Dap-2310 and 17 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie.
CVE-2016-11021 1 Dlink 2 Dcs-930l, Dcs-930l Firmware 2024-11-21 9.0 HIGH 7.2 HIGH
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.
CVE-2016-10699 1 Dlink 2 Dsl-2740e, Dsl-2740e Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs.
CVE-2016-10405 2 D-link, Dlink 2 Dir-600l Firmware, Dir-600l 2024-11-21 7.5 HIGH 9.8 CRITICAL
Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2016-10186 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules.
CVE-2016-10185 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf.
CVE-2016-10184 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal.
CVE-2016-10183 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.