Filtered by vendor Dlink
Subscribe
Total
844 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46455 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerability allows attackers to execute arbitrary commands via the station_access_enable parameter. | |||||
| CVE-2021-46233 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter. | |||||
| CVE-2021-46452 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomography_ping_address, tomography_ping_number, tomography_ping_size, tomography_ping_timeout, and tomography_ping_ttl parameters. | |||||
| CVE-2021-46231 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. This vulnerability allows attackers to execute arbitrary commands via the url_en parameter. | |||||
| CVE-2021-34863 | 1 Dlink | 2 Dap-2020, Dap-2020 Firmware | 2023-12-10 | 5.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:page parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13271. | |||||
| CVE-2021-40654 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page | |||||
| CVE-2021-46227 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters. | |||||
| CVE-2021-44880 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | |||||
| CVE-2021-44882 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | |||||
| CVE-2021-46226 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter. | |||||
| CVE-2021-46228 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter. | |||||
| CVE-2021-20133 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2023-12-10 | 7.1 HIGH | 6.1 MEDIUM |
| Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of the day" banner to any file on the system, allowing them to read all or some of the contents of those files. Such sensitive information as hashed credentials, hardcoded plaintext passwords for other services, configuration files, and private keys can be disclosed in this fashion. Improper handling of filenames that identify virtual resources, such as "/dev/urandom" allows an attacker to effect a denial of service attack against the command line interfaces of the Quagga services (zebra and ripd). | |||||
| CVE-2021-46456 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanACLSettings. This vulnerability allows attackers to execute arbitrary commands via the wl(0).(0)_maclist parameter. | |||||
| CVE-2021-21913 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability. | |||||
| CVE-2021-46229 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter. | |||||
| CVE-2021-45998 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | |||||
| CVE-2021-41753 | 1 Dlink | 4 Dir-x1560, Dir-x1560 Firmware, Dir-x6060 and 1 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client via sending specific spoofed SAE authentication frames. | |||||
| CVE-2021-40284 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
| D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter 'igmpsnoopEnable' via an HTTP request. | |||||
| CVE-2021-27113 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters. | |||||
| CVE-2021-39509 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters. | |||||