Vulnerabilities (CVE)

Filtered by vendor Dlink Subscribe
Total 406 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-44801 1 Dlink 2 Dir-878, Dir-878 Firmware 2022-11-23 N/A 9.8 CRITICAL
D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control.
CVE-2022-44202 1 Dlink 2 Dir-878, Dir-878 Firmware 2022-11-23 N/A 9.8 CRITICAL
D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow.
CVE-2022-44804 1 Dlink 2 Dir-882, Dir-882 Firmware 2022-11-23 N/A 9.8 CRITICAL
D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function.
CVE-2022-44807 1 Dlink 2 Dir-882, Dir-882 Firmware 2022-11-23 N/A 9.8 CRITICAL
D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString.
CVE-2022-44806 1 Dlink 2 Dir-882, Dir-882 Firmware 2022-11-23 N/A 9.8 CRITICAL
D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow.
CVE-2022-44201 1 Dlink 2 Dir-823g, Dir-823g Firmware 2022-11-23 N/A 9.8 CRITICAL
D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.
CVE-2022-44808 1 Dlink 2 Dir-823g, Dir-823g Firmware 2022-11-23 N/A 9.8 CRITICAL
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability.
CVE-2022-36786 1 Dlink 2 Dsl-224, Dsl-224 Firmware 2022-11-22 N/A 9.9 CRITICAL
DLINK - DSL-224 Post-auth PCE. DLINK router has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router.
CVE-2022-36785 1 Dlink 2 G Integrated Access Device4, G Integrated Access Device4 Firmware 2022-11-22 N/A 7.5 HIGH
D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A. The window.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ; "admin" – contains default username value "login.asp" B. While accessing the web interface, the login form at *Authorization Bypass – URL by "setupWizard.asp' while it blocks direct access to – the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a "login_glag" and "login_status" checking browser and to read the admin user credentials for the web interface.
CVE-2022-44204 1 Dlink 2 Dir-3060, Dir-3060 Firmware 2022-11-21 N/A 9.8 CRITICAL
D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow.
CVE-2018-20432 1 Dlink 4 Covr-2600r, Covr-2600r Firmware, Covr-3902 and 1 more 2022-11-16 10.0 HIGH 9.8 CRITICAL
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.
CVE-2022-43109 1 Dlink 2 Dir-823g, Dir-823g Firmware 2022-11-04 N/A 9.8 CRITICAL
D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet.
CVE-2020-21016 1 Dlink 2 Dir-846, Dir-846 Firmware 2022-11-01 N/A 9.8 CRITICAL
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.
CVE-2022-28958 1 Dlink 2 Dir-816l, Dir-816l Firmware 2022-10-29 7.5 HIGH 9.8 CRITICAL
** DISPUTED ** D-Link DIR816L_FW206b01 was discovered to contain a remote code execution (RCE) vulnerability via the value parameter at shareport.php. NOTE: this has been disputed by a third party.
CVE-2022-43003 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-10-28 N/A 9.8 CRITICAL
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function.
CVE-2022-43001 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-10-28 N/A 9.8 CRITICAL
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function.
CVE-2022-43002 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-10-28 N/A 9.8 CRITICAL
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54.
CVE-2022-43000 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-10-28 N/A 9.8 CRITICAL
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4.
CVE-2022-42999 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-10-28 N/A 7.5 HIGH
D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm.
CVE-2022-42998 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-10-28 N/A 9.8 CRITICAL
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd.