Filtered by vendor Dlink
Subscribe
Total
844 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-29323 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment. | |||||
CVE-2021-46441 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization. | |||||
CVE-2022-27292 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. This vulnerability allows attackers to cause a Denial of Service (DoS) via the nextPage parameter. | |||||
CVE-2021-46378 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. | |||||
CVE-2022-29326 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. | |||||
CVE-2022-29321 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. | |||||
CVE-2021-43722 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size. | |||||
CVE-2022-28915 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. | |||||
CVE-2022-29332 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server. | |||||
CVE-2022-28956 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload. | |||||
CVE-2021-46379 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. | |||||
CVE-2022-29327 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. | |||||
CVE-2021-44127 | 1 Dlink | 2 Dap-1360, Dap-1360f1 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized. | |||||
CVE-2022-27286 | 1 Dlink | 2 Dir-619 Ax, Dir-619 Ax Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogin. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | |||||
CVE-2021-46315 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the ssid0 or ssid1 parameters to cause arbitrary command execution. Since CVE-2019-17510 vulnerability has not been patched and improved www/hnap1/control/setwizardconfig.php, can also use line breaks and backquotes to bypass. | |||||
CVE-2021-33265 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2023-12-10 | 7.2 HIGH | 9.8 CRITICAL |
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request. | |||||
CVE-2021-46457 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function ChgSambaUserSettings. This vulnerability allows attackers to execute arbitrary commands via the samba_name parameter. | |||||
CVE-2021-33270 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request. | |||||
CVE-2021-20132 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2023-12-10 | 8.3 HIGH | 8.8 HIGH |
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the "admin" user, UID 0). | |||||
CVE-2020-25366 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2023-12-10 | 8.5 HIGH | 9.1 CRITICAL |
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors. |