Filtered by vendor Dlink
Subscribe
Total
844 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19986 | 2 D-link, Dlink | 4 Dir-818lw Firmware, Dir-822 Firmware, Dir-818lw and 1 more | 2023-04-26 | 10.0 HIGH | 9.8 CRITICAL |
| In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $path_inf_wan1."/web" internal configuration memory without any regex checking. And in the IPTWAN_build_command function of the iptwan.php source code, the data in $path_inf_wan1."/web" is used with the iptables command without any regex checking. A vulnerable /HNAP1/SetRouterSettings XML message could have shell metacharacters in the RemotePort element such as the `telnetd` string. | |||||
| CVE-2018-17880 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2023-04-26 | 7.8 HIGH | 7.5 HIGH |
| On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot. | |||||
| CVE-2023-24350 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2023-04-26 | N/A | 9.8 CRITICAL |
| D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail. | |||||
| CVE-2006-3687 | 2 D-link, Dlink | 7 Di-604 Broadband Router, Di-784, Ebr-2310 Ethernet Broadband Router and 4 more | 2023-04-26 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. | |||||
| CVE-2023-24343 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2023-04-26 | N/A | 8.8 HIGH |
| D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule. | |||||
| CVE-2018-20305 | 2 D-link, Dlink | 2 Dir-816 A2 Firmware, Dir-816 A2 | 2023-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address. | |||||
| CVE-2017-10676 | 2 D-link, Dlink | 2 Dir-600m Firmware, Dir-600m | 2023-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. | |||||
| CVE-2018-16408 | 2 D-link, Dlink | 2 Dir-846 Firmware, Dir-846 | 2023-04-26 | 9.0 HIGH | 7.2 HIGH |
| D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. | |||||
| CVE-2018-10748 | 2 D-link, Dlink | 2 Dsl-3782 Firmware, Dsl-3782 | 2023-04-26 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | |||||
| CVE-2023-24352 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2023-04-26 | N/A | 9.8 CRITICAL |
| D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS. | |||||
| CVE-2014-7860 | 2 D-link, Dlink | 4 Dns-320l Firmware, Dns-327l Firmware, Dns-320l and 1 more | 2023-04-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token. | |||||
| CVE-2018-17787 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2023-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. | |||||
| CVE-2018-11013 | 2 D-link, Dlink | 2 Dir-816 A2 Firmware, Dir-816 A2 | 2023-04-26 | 10.0 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header. | |||||
| CVE-2013-6026 | 3 Alphanetworks, Dlink, Planex | 13 Vdsl Asl-55052, Vdsl Asl-56552, Di-524up and 10 more | 2023-04-26 | 10.0 HIGH | N/A |
| The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013. | |||||
| CVE-2018-19988 | 2 D-link, Dlink | 2 Dir-868l Firmware, Dir-868l | 2023-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. It needs to bypass the wget command option with a single quote. A vulnerable /HNAP1/SetClientInfoDemo XML message could have single quotes and backquotes in the AudioMute or AudioEnable element, such as the '`telnetd`' string. | |||||
| CVE-2004-0615 | 2 D-link, Dlink | 3 Di-614\+, Di-704p, Di-624 | 2023-04-26 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request. | |||||
| CVE-2014-4645 | 1 Dlink | 1 Dsl-2760u-e1 | 2023-04-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname. | |||||
| CVE-2018-8941 | 2 D-link, Dlink | 2 Dsl-3782 Firmware, Dsl-3782 | 2023-04-26 | 9.0 HIGH | 8.8 HIGH |
| Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi. | |||||
| CVE-2018-20389 | 2 D-link, Dlink | 4 Dcm-604 Firmware, Dcm-704 Firmware, Dcm-604 and 1 more | 2023-04-26 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2015-7245 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2023-04-26 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter. | |||||