Dir 620 Firmware

dir-620_firmware

Vendor: D Link • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-6213 1D Link 1Dir 620 Firmware Nov 21, 2024 Jun 20, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.
CVE-2018-6212 1D Link 1Dir 620 Firmware Nov 21, 2024 Jun 20, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filt...Show more On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of the XMLHttpRequest object.Show less
CVE-2018-6211 1D Link 1Dir 620 Firmware Nov 21, 2024 Jun 20, 2018 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf...Show more On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.Show less