Filtered by vendor Dlink
Subscribe
Total
844 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27295 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. | |||||
CVE-2022-28896 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
CVE-2022-28573 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter. | |||||
CVE-2022-27289 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanL2TP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | |||||
CVE-2018-18907 | 1 Dlink | 2 Dir-850l, Dir-850l Firmare | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption. | |||||
CVE-2022-29328 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade. | |||||
CVE-2022-28571 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2023-12-10 | 5.8 MEDIUM | 9.8 CRITICAL |
D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. | |||||
CVE-2022-29324 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. | |||||
CVE-2021-46353 | 1 Dlink | 2 Dir-x1860, Dir-x1860 Firmware | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. | |||||
CVE-2021-45382 | 1 Dlink | 12 Dir-810l, Dir-810l Firmware, Dir-820l and 9 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched. | |||||
CVE-2021-46319 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid1 parameters to execute arbitrary commands.This vulnerability is due to the fact that CVE-2019-17509 is not fully patched and can be bypassed by using line breaks or backticks on its basis. | |||||
CVE-2021-46314 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name. | |||||
CVE-2022-27291 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the config.save_network_enabled parameter. | |||||
CVE-2022-26670 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2023-12-10 | 8.3 HIGH | 8.8 HIGH |
D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service. | |||||
CVE-2022-28895 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
CVE-2022-26258 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. | |||||
CVE-2022-25106 | 1 Dlink | 4 Dir-859, Dir-859 A3, Dir-859 A3 Firmware and 1 more | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | |||||
CVE-2022-28901 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
CVE-2021-46381 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. | |||||
CVE-2021-46108 | 1 Dlink | 2 Dsl-2730e, Dsl-2730e Firmware | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration. |