Dlink Security Vulnerabilities
D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
9.8CVSS
9.7AI Score
0.002EPSS
D-Link DIR823G_V1.0.2B05 was discovered to contain a stack overflow via the NewPassword parameters in SetPasswdSettings.
9.8CVSS
9.6AI Score
0.002EPSS
D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vulnerability is in scandir.sgi binary.
9.8CVSS
9.3AI Score
0.002EPSS
D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup,
9.8CVSS
9.5AI Score
0.002EPSS
7.5CVSS
7.5AI Score
0.002EPSS
7.5CVSS
7.5AI Score
0.002EPSS
D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php.
9.8CVSS
9.4AI Score
0.003EPSS
D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The sp...
8.8CVSS
9.1AI Score
0.0005EPSS
D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. Th...
7.5CVSS
8.2AI Score
0.0005EPSS
D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The spec...
8.8CVSS
9.1AI Score
0.0005EPSS
D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerabili...
8.8CVSS
9.1AI Score
0.0005EPSS
D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...
8.8CVSS
9.1AI Score
0.0005EPSS
D-Link DIR-2640 LocalIPAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing ...
6.8CVSS
7.2AI Score
0.0005EPSS
D-Link DIR-2640 prog.cgi Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerabilit...
8.8CVSS
9.1AI Score
0.0005EPSS
D-Link DIR-2640 PrefixLen Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authe...
6.8CVSS
7.2AI Score
0.0005EPSS
D-Link DIR-2640 DestNetwork Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing aut...
6.8CVSS
7.2AI Score
0.0005EPSS
D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authe...
6.8CVSS
7.2AI Score
0.0005EPSS
D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method.
9.8CVSS
9.6AI Score
0.002EPSS
D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method.
8.8CVSS
8.9AI Score
0.001EPSS
D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts
9.8CVSS
9.5AI Score
0.001EPSS
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function.
9.8CVSS
9.8AI Score
0.001EPSS
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary.
9.8CVSS
9.6AI Score
0.003EPSS
D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface.
9.8CVSS
9.6AI Score
0.013EPSS
An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file.
8.8CVSS
8.8AI Score
0.003EPSS
D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function.
8.8CVSS
8.9AI Score
0.002EPSS
D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the exi...
6.8CVSS
7.3AI Score
0.001EPSS
D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerabil...
6.8CVSS
7.3AI Score
0.001EPSS
D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerabili...
6.8CVSS
7.3AI Score
0.001EPSS
D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability...
6.8CVSS
7.3AI Score
0.001EPSS
D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The spec...
6.8CVSS
7.2AI Score
0.001EPSS
D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, ...
6.8CVSS
7.3AI Score
0.001EPSS
D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the...
6.8CVSS
7.3AI Score
0.001EPSS
D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerabi...
8.8CVSS
8.7AI Score
0.001EPSS
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main.
9.8CVSS
9.7AI Score
0.002EPSS
A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi.
5.4CVSS
5.4AI Score
0.001EPSS
D-Link DIR-X3260 prog.cgi SOAPAction Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is not required to exploit this vulnerability. The specifi...
8.8CVSS
9.1AI Score
0.0005EPSS
Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
9.8CVSS
9.5AI Score
0.002EPSS
Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
9.8CVSS
9.6AI Score
0.002EPSS
Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
9.8CVSS
9.6AI Score
0.002EPSS
Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
9.8CVSS
9.6AI Score
0.002EPSS
D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi.
7.5CVSS
7.8AI Score
0.001EPSS
D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow via the curTime parameter at /goform/formLogin.
9.8CVSS
9.7AI Score
0.002EPSS
D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.
9.8CVSS
9.7AI Score
0.001EPSS
D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin.
9.8CVSS
9.7AI Score
0.001EPSS
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the acStack_50 parameter.
9.8CVSS
9.7AI Score
0.002EPSS
D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contain multiple buffer overflows in the fgets function via the acStack_120 and acStack_220 parameters.
9.8CVSS
9.5AI Score
0.002EPSS
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the FUN_0000acb4 function.
9.8CVSS
9.7AI Score
0.002EPSS
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the inet_ntoa() function.
9.8CVSS
9.7AI Score
0.002EPSS
D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FUN_00010824.
7.5CVSS
7.5AI Score
0.001EPSS
D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function FUN_0001be68.
9.8CVSS
9.7AI Score
0.002EPSS