Filtered by vendor Dlink
Subscribe
Total
844 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42627 | 1 Dlink | 8 Dir-615, Dir-615 Firmware, Dir-615 J1 and 5 more | 2023-04-26 | N/A | 9.8 CRITICAL |
| The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page. | |||||
| CVE-2018-18442 | 2 D-link, Dlink | 2 Dcs-825l Firmware, Dcs-825l | 2023-04-26 | 7.8 HIGH | 7.5 HIGH |
| D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified attacks includes SYN flooding, UDP flooding, ICMP flooding, and SYN-ACK flooding. | |||||
| CVE-2014-7857 | 2 D-link, Dlink | 14 Dnr-326 Firmware, Dns-320b Firmware, Dns-320l Firmware and 11 more | 2023-04-26 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin. | |||||
| CVE-2017-7851 | 2 D-link, Dlink | 2 Dcs-936l, Dcs-936l | 2023-04-26 | 6.8 MEDIUM | 8.8 HIGH |
| D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header. | |||||
| CVE-2022-35191 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2023-04-26 | N/A | 6.5 MEDIUM |
| D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request. | |||||
| CVE-2023-24346 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2023-04-26 | N/A | 8.8 HIGH |
| D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3. | |||||
| CVE-2023-24344 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2023-04-26 | N/A | 8.8 HIGH |
| D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup. | |||||
| CVE-2018-10431 | 2 D-link, Dlink | 2 Dir-615 Firmware, Dir-615 | 2023-04-26 | 6.5 MEDIUM | 7.2 HIGH |
| D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen. | |||||
| CVE-2019-9125 | 2 D-link, Dlink | 2 Dir-878 Firmware, Dir-878 | 2023-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header. | |||||
| CVE-2020-15633 | 2 D-link, Dlink | 6 Dir-867 Firmware, Dir-878 Firmware, Dir-882 Firmware and 3 more | 2023-04-26 | 5.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-10835. | |||||
| CVE-2023-24347 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2023-04-26 | N/A | 8.8 HIGH |
| D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus. | |||||
| CVE-2014-7858 | 2 D-link, Dlink | 2 Dnr-326 Firmware, Dnr-326 | 2023-04-26 | 10.0 HIGH | 9.8 CRITICAL |
| The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. | |||||
| CVE-2022-40946 | 1 Dlink | 2 Dir-819, Dir-819 Firmware | 2023-04-21 | N/A | 7.5 HIGH |
| On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request. | |||||
| CVE-2023-27216 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2023-04-20 | N/A | 8.8 HIGH |
| An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page. | |||||
| CVE-2023-27719 | 1 Dlink | 2 Dir878, Dir878 Firmware | 2023-04-18 | N/A | 9.8 CRITICAL |
| D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_478360 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-27718 | 1 Dlink | 2 Dir878, Dir878 Firmware | 2023-04-17 | N/A | 9.8 CRITICAL |
| D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_498308 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-27720 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2023-04-13 | N/A | 9.8 CRITICAL |
| D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-24800 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2023-04-13 | N/A | 9.8 CRITICAL |
| D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-24799 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2023-04-13 | N/A | 9.8 CRITICAL |
| D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-24798 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2023-04-13 | N/A | 9.8 CRITICAL |
| D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||