← Back

Dwr 912 Firmware

dwr-912_firmware

Vendor: Dlink • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-10824
1Dlink
8Dir 140l Firmware
Dir 640l FirmwareDwr 111 Firmware+5 more
Nov 21, 2024
Oct 17, 2018
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devic...Show more
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access.Show less
CVE-2018-10823
1Dlink
4Dwr 111 Firmware
Dwr 116 FirmwareDwr 512 Firmware+1 more
Nov 21, 2024
Oct 17, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbi...Show more
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.Show less
CVE-2018-10822
1Dlink
8Dir 140l Firmware
Dir 640l FirmwareDwr 111 Firmware+5 more
Nov 21, 2024
Oct 17, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02,...Show more
Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.Show less