Vulnerabilities (CVE)

Filtered by vendor Dlink Subscribe
Filtered by product Dir-865l
Total 16 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25786 1 Dlink 12 Dir-645, Dir-645 Firmware, Dir-803 and 9 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
CVE-2020-13787 1 Dlink 2 Dir-865l, Dir-865l Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.
CVE-2020-13786 1 Dlink 2 Dir-865l, Dir-865l Firmware 2024-11-21 6.8 MEDIUM 8.8 HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.
CVE-2020-13785 1 Dlink 2 Dir-865l, Dir-865l Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
CVE-2020-13784 1 Dlink 2 Dir-865l, Dir-865l Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
CVE-2020-13783 1 Dlink 2 Dir-865l, Dir-865l Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.
CVE-2020-13782 1 Dlink 2 Dir-865l, Dir-865l Firmware 2024-11-21 6.5 MEDIUM 8.8 HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.
CVE-2019-20213 1 Dlink 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
CVE-2019-17621 1 Dlink 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
CVE-2018-6530 1 Dlink 8 Dir-860l, Dir-860l Firmware, Dir-865l and 5 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
CVE-2018-6529 1 Dlink 6 Dir-860l, Dir-860l Firmware, Dir-865l and 3 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
CVE-2018-6528 1 Dlink 6 Dir-860l, Dir-860l Firmware, Dir-865l and 3 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
CVE-2018-6527 1 Dlink 6 Dir-860l, Dir-860l Firmware, Dir-865l and 3 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
CVE-2013-4857 1 Dlink 2 Dir-865l, Dir-865l Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
D-Link DIR-865L has PHP File Inclusion in the router xml file.
CVE-2013-4856 1 Dlink 2 Dir-865l, Dir-865l Firmware 2024-11-21 2.9 LOW 6.5 MEDIUM
D-Link DIR-865L has Information Disclosure.
CVE-2013-4855 1 Dlink 2 Dir-865l, Dir-865l Firmware 2024-11-21 7.9 HIGH 8.8 HIGH
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.