Vulnerabilities (CVE)

Filtered by vendor D-link Subscribe
Total 113 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3347 1 D-link 1 Dir-400 2024-11-21 10.0 HIGH N/A
Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2008-4771 3 4xem, D-link, Vivotek 3 Vatctrl Class, Mpeg4 Shm Audio Control, Rtsp Mpeg4 Sp Control 2024-11-21 9.3 HIGH N/A
Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property. NOTE: some of these details are obtained from third party information.
CVE-2008-4133 1 D-link 1 Dir-100 2024-11-21 4.3 MEDIUM N/A
The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.
CVE-2008-1258 1 D-link 1 Di-604 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter.
CVE-2008-1253 1 D-link 1 Dsl-g604t 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page.
CVE-2007-3348 1 D-link 2 Dph-540, Dph-541 2024-11-21 7.8 HIGH N/A
The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message.
CVE-2007-3347 1 D-link 2 Dph-540, Dph-541 2024-11-21 7.8 HIGH N/A
The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.
CVE-2007-1435 1 D-link 1 Tftp Server 2024-11-21 10.0 HIGH N/A
Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0933 2 D-link, Microsoft 2 Dwl-g650\+, Windows Xp 2024-11-21 7.8 HIGH N/A
Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element.
CVE-2006-6538 1 D-link 1 Dwl-2000ap\+ 2024-11-21 7.8 HIGH N/A
D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link.
CVE-2006-6055 1 D-link 1 Dwl-g132 2024-11-21 10.0 HIGH N/A
Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE).
CVE-2006-5538 1 D-link 1 Dsl-g624t 2024-11-21 5.0 MEDIUM N/A
D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request.
CVE-2006-5537 1 D-link 1 Dsl-g624t 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters.
CVE-2006-5536 1 D-link 1 Dsl-g624t 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.
CVE-2006-3687 2 D-link, Dlink 7 Di-604 Broadband Router, Di-784, Ebr-2310 Ethernet Broadband Router and 4 more 2024-11-21 7.5 HIGH N/A
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900.
CVE-2006-2901 1 D-link 1 Dwl-2100ap 2024-11-21 5.0 MEDIUM N/A
The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords.
CVE-2006-2653 1 D-link 1 Dsa-3100 Airspot Gateway 2024-11-21 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.
CVE-2006-2337 1 D-link 1 Dsl-g604t 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter.
CVE-2006-0784 1 D-link 1 Dwl-g700ap 2024-11-21 5.0 MEDIUM N/A
D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments.
CVE-2005-4723 2 D-link, Dlink 4 Di-524, Di-784, Di-524 and 1 more 2024-11-21 5.0 MEDIUM N/A
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.