Filtered by vendor Dlink
Total: 844 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-10026 | 1 Dlink | 2 Dap-1360, Dap-1360 Firmware | 2023-04-26 | 5.0 MEDIUM | N/A |
| index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin. | |||||
| CVE-2014-10028 | 1 Dlink | 2 Dap-1360, Dap-1360 Firmware | 2023-04-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41. | |||||
| CVE-2018-17441 | 1 Dlink | 1 Central Wifimanager | 2023-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS. | |||||
| CVE-2018-18767 | 2 D-link, Dlink | 3 Dcs-825l Firmware, Dcs-825l, Mydlink Baby Camera Monitor | 2023-04-26 | 1.9 LOW | 7.0 HIGH |
| An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials. | |||||
| CVE-2012-5306 | 1 Dlink | 2 Camera Stream Client Activex Control, Dcs-5605 Ptz Ip Network Camera | 2023-04-26 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string argument. | |||||
| CVE-2018-15517 | 1 Dlink | 1 Central Wifimanager | 2023-04-26 | 5.0 MEDIUM | 8.6 HIGH |
| The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. | |||||
| CVE-2018-17440 | 1 Dlink | 1 Central Wifimanager | 2023-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request. | |||||
| CVE-2018-17442 | 1 Dlink | 1 Central Wifimanager | 2023-04-26 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code. | |||||
| CVE-2018-17443 | 1 Dlink | 1 Central Wifimanager | 2023-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS. | |||||
| CVE-2018-15516 | 1 Dlink | 1 Central Wifimanager | 2023-04-26 | 3.5 LOW | 5.8 MEDIUM |
| The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF. | |||||
| CVE-2015-2048 | 1 Dlink | 2 Dcs-931l, Dcs-931l Firmware | 2023-04-26 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2014-8888 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2023-04-26 | 10.0 HIGH | 9.8 CRITICAL |
| The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue." | |||||
| CVE-2020-6842 | 1 Dlink | 2 Dch-m225, Dch-m225 Firmware | 2023-04-26 | 9.0 HIGH | 7.2 HIGH |
| D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. | |||||
| CVE-2018-17065 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2023-04-26 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address. | |||||
| CVE-2013-7004 | 1 Dlink | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2023-04-26 | 7.8 HIGH | N/A |
| D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username. | |||||
| CVE-2013-7055 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2023-04-26 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-100 4.03B07 has PPTP and poe information disclosure. | |||||
| CVE-2020-9534 | 1 Dlink | 2 Dir-615jx10, Dir-615jx10 Firmware | 2023-04-26 | 6.5 MEDIUM | 8.8 HIGH |
| fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup webpage parameter when f_radius_ip1 is malformed. | |||||
| CVE-2023-0127 | 1 Dlink | 2 Dwl-2600ap, Dwl-2600ap Firmware | 2023-04-26 | N/A | 7.8 HIGH |
| A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root. | |||||
| CVE-2018-10957 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2023-04-26 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components. | |||||
| CVE-2015-0152 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2023-04-26 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password. | |||||
