Filtered by vendor Dlink
Subscribe
Total
844 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-34974 | 1 Dlink | 2 Dir820la1, Dir820la1 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function. | |||||
CVE-2022-43109 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet. | |||||
CVE-2022-37123 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi. | |||||
CVE-2022-36588 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow vulnerability caused by strncpy. | |||||
CVE-2022-43184 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi. | |||||
CVE-2022-36526 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin. | |||||
CVE-2022-37056 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main, | |||||
CVE-2022-30521 | 1 Dlink | 2 Dir-890l, Dir-890l Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. The attackers can exploit the vulnerability to carry out arbitrary code by means of sending a specially constructed payload to port 49152. | |||||
CVE-2022-29329 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings. | |||||
CVE-2022-27293 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. | |||||
CVE-2021-31326 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-12-10 | 9.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi. | |||||
CVE-2022-27290 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanDhcpplus. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | |||||
CVE-2022-28955 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php. | |||||
CVE-2022-29322 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. | |||||
CVE-2022-32092 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. | |||||
CVE-2022-29325 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. | |||||
CVE-2021-43474 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function | |||||
CVE-2022-27287 | 1 Dlink | 2 Dir-619 Ax, Dir-619 Ax Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPPoE. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | |||||
CVE-2022-27294 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. | |||||
CVE-2022-1262 | 1 Dlink | 20 Dir-1360, Dir-1360 Firmware, Dir-1760 and 17 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. |