← Back

D Link

d-link

112 CVEs • 127 products

Products (127)

Click to collapse
Toggle
Dsl 3782 Firmware
dsl-3782_firmware
7 CVEs
Dir 823g Firmware
dir-823g_firmware
5 CVEs
Dir 822 Firmware
dir-822_firmware
5 CVEs
Di 604
di-604
4 CVEs
Di 614+
di-614+
3 CVEs
Dsl G604t
dsl-g604t
3 CVEs
Dsl G624t
dsl-g624t
3 CVEs
Dir 818l(w) Firmware
dir-818l(w)_firmware
3 CVEs
Dir 615 Firmware
dir-615_firmware
3 CVEs
Dvg N5402sp Firmware
dvg-n5402sp_firmware
3 CVEs
Dnr 326 Firmware
dnr-326_firmware
3 CVEs
Dns 327l Firmware
dns-327l_firmware
3 CVEs
Dir 620 Firmware
dir-620_firmware
3 CVEs
Dcs 825l Firmware
dcs-825l_firmware
3 CVEs
Dir 878 Firmware
dir-878_firmware
3 CVEs
Dl 704
dl-704
2 CVEs
Dwl 1000ap
dwl-1000ap
2 CVEs
Di 804
di-804
2 CVEs
Dwl 900ap+
dwl-900ap+
2 CVEs
Di 784
di-784
2 CVEs
Dph 540
dph-540
2 CVEs
Dph 541
dph-541
2 CVEs
Dap 2253 Firmware
dap_2253_firmware
2 CVEs
Dap 2253
dap_2253
2 CVEs
Dcs 2103 Hd Cube Network Camera Firmware
dcs-2103_hd_cube_network_camera_firmware
2 CVEs
Dir 880l Firmware
dir-880l_firmware
2 CVEs
Dir 600m Firmware
dir-600m_firmware
2 CVEs
Dns 322l Firmware
dns-322l_firmware
2 CVEs
Dns 320l Firmware
dns-320l_firmware
2 CVEs
Dir 130 Firmware
dir-130_firmware
2 CVEs
Dir 330 Firmware
dir-330_firmware
2 CVEs
Dir 816 A2 Firmware
dir-816_a2_firmware
2 CVEs
Dir 550a Firmware
dir-550a_firmware
2 CVEs
Dir 604m Firmware
dir-604m_firmware
2 CVEs
Dir 809 A1 Firmware
dir-809_a1_firmware
2 CVEs
Dir 809 A2 Firmware
dir-809_a2_firmware
2 CVEs
Dir 809 Guestzone Firmware
dir-809_guestzone_firmware
2 CVEs
Dir 619l Firmware
dir-619l_firmware
2 CVEs
Dir 605l Firmware
dir-605l_firmware
2 CVEs
Dir 868l Firmware
dir-868l_firmware
2 CVEs
Dvg G5402sp Firmware
dvg-g5402sp_firmware
2 CVEs
Dp 303
dp-303
1 CVE
Di 624
di-624
1 CVE
Dcs 900 Internet Camera
dcs-900_internet_camera
1 CVE
Di 704p
di-704p
1 CVE
Dsl 502t
dsl-502t
1 CVE
Dsl 504t
dsl-504t
1 CVE
Dsl 562t
dsl-562t
1 CVE
Di 524
di-524
1 CVE
Dwl G700ap
dwl-g700ap
1 CVE
Dsa 3100 Airspot Gateway
dsa-3100_airspot_gateway
1 CVE
Dwl 2100ap
dwl-2100ap
1 CVE
Di 604 Broadband Router
di-604_broadband_router
1 CVE
Ebr 2310 Ethernet Broadband Router
ebr-2310_ethernet_broadband_router
1 CVE
Wbr 1310 Wireless G Router
wbr-1310_wireless_g_router
1 CVE
Wbr 2310 Rangebooster G Router
wbr-2310_rangebooster_g_router
1 CVE
Dwl G132
dwl-g132
1 CVE
Dwl 2000ap+
dwl-2000ap+
1 CVE
Tftp Server
tftp_server
1 CVE
Dir 100
dir-100
1 CVE
Mpeg4 Shm Audio Control
mpeg4_shm_audio_control
1 CVE
Dir 400
dir-400
1 CVE
Dkvm Ip8
dkvm-ip8
1 CVE
Dir 655 Firmware
dir-655_firmware
1 CVE
Dir 655
dir-655
1 CVE
Dir 850l Firmare
dir-850l_firmare
1 CVE
Dir 895l Firmware
dir-895l_firmware
1 CVE
Dir 817l(w) Firmware
dir-817l(w)_firmware
1 CVE
Dir 890l Firmware
dir-890l_firmware
1 CVE
Dir 823 Firmware
dir-823_firmware
1 CVE
Dir 885l Firmware
dir-885l_firmware
1 CVE
Di 524 Firmware
di-524_firmware
1 CVE
Dap 1353 H/w B1 Firmware
dap-1353_h/w_b1_firmware
1 CVE
Dap 2553 H/w A1 Firmware
dap-2553_h/w_a1_firmware
1 CVE
Dap 3520 H/w A1 Firmware
dap-3520_h/w_a1_firmware
1 CVE
Dns 325 Firmware
dns-325_firmware
1 CVE
Dns 345 Firmware
dns-345_firmware
1 CVE
Dns 320b Firmware
dns-320b_firmware
1 CVE
Dns 320lw Firmware
dns-320lw_firmware
1 CVE
Dnr 320l Firmware
dnr-320l_firmware
1 CVE
Dir 600l Firmware
dir-600l_firmware
1 CVE
Dcs 936l
dcs-936l
1 CVE
Dsl 2540u Firmware
dsl-2540u_firmware
1 CVE
Dsl 2640u Firmware
dsl-2640u_firmware
1 CVE
Dir 600m C1 Firmware
dir-600m_c1_firmware
1 CVE
Mydlink+
mydlink+
1 CVE
Dir 615 T1 Firmware
dir-615_t1_firmware
1 CVE
Dir 629 B Firmware
dir-629-b_firmware
1 CVE
Dir 885l/r Firmware
dir-885l/r_firmware
1 CVE
Dir 895l/r Firmware
dir-895l/r_firmware
1 CVE
Dir 846 Firmware
dir-846_firmware
1 CVE
Dsl 2640t Firmware
dsl-2640t_firmware
1 CVE
Dcs 936l Firmware
dcs-936l_firmware
1 CVE
Dcs 8000lh Firmware
dcs-8000lh_firmware
1 CVE
Dcs 942lb1 Firmware
dcs-942lb1_firmware
1 CVE
Dcs 5222l Firmware
dcs-5222l_firmware
1 CVE
Dcs 2630l Firmware
dcs-2630l_firmware
1 CVE
Dcs 820l Firmware
dcs-820l_firmware
1 CVE
Dcs 855l Firmware
dcs-855l_firmware
1 CVE
Dcs 2121 Firmware
dcs-2121_firmware
1 CVE

CVEs (112)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-11013
1D Link
1Dir 816 A2 Firmware
Nov 21, 2024
May 13, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a l...Show more
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.Show less
CVE-2018-10996
1D Link
1Dir 629 B Firmware
Nov 21, 2024
May 12, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long...Show more
The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable.Show less
CVE-2018-10750
1D Link
1Dsl 3782 Firmware
Nov 21, 2024
May 4, 2018
N/A· v4
8.8 HIGH· v3
9.3 HIGH· v2
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <n...Show more
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.Show less
CVE-2018-10749
1D Link
1Dsl 3782 Firmware
Nov 21, 2024
May 4, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_na...Show more
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.Show less
CVE-2018-10748
1D Link
1Dsl 3782 Firmware
Nov 21, 2024
May 4, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>'...Show more
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.Show less
CVE-2018-10747
1D Link
1Dsl 3782 Firmware
Nov 21, 2024
May 4, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_nam...Show more
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.Show less
CVE-2018-10746
1D Link
1Dsl 3782 Firmware
Nov 21, 2024
May 4, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name att...Show more
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.Show less
CVE-2018-10713
1D Link
1Dsl 3782 Firmware
Nov 21, 2024
May 3, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>'...Show more
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.Show less
CVE-2018-10431
1D Link
1Dir 615 Firmware
Nov 21, 2024
Apr 26, 2018
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen.
CVE-2018-10110
1D Link
1Dir 615 T1 Firmware
Nov 21, 2024
Apr 18, 2018
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
D-Link DIR-615 T1 devices allow XSS via the Add User feature.
CVE-2018-8941
1D Link
1Dsl 3782 Firmware
Nov 21, 2024
Apr 3, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry'...Show more
Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi.Show less
CVE-2018-7698
1D Link
1Mydlink+
Nov 21, 2024
Mar 5, 2018
N/A· v4
8.1 HIGH· v3
4.3 MEDIUM· v2
An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the username and password for connected D-Link cameras (such as DCS-933L and DCS-934L)...Show more
An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the username and password for connected D-Link cameras (such as DCS-933L and DCS-934L) unencrypted from the app to the camera, allowing attackers to obtain these credentials and gain control of the camera including the ability to view the camera's stream and make changes without the user's knowledge.Show less
CVE-2018-6936
1D Link
1Dir 600m C1 Firmware
Nov 21, 2024
Feb 21, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account.
CVE-2018-5371
1D Link
2Dsl 2540u Firmware
Dsl 2640u Firmware
Nov 21, 2024
Jan 12, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in...Show more
diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.Show less
CVE-2017-3192
1D Link
2Dir 130 Firmware
Dir 330 Firmware
May 13, 2026
Dec 16, 2017
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the return...Show more
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.Show less
CVE-2017-3191
1D Link
2Dir 130 Firmware
Dir 330 Firmware
May 13, 2026
Dec 16, 2017
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate t...Show more
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.Show less
CVE-2017-7851
1D Link
1Dcs 936l
May 13, 2026
Nov 15, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.
CVE-2016-10405
1D Link
1Dir 600l Firmware
May 13, 2026
Sep 7, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2014-7860
1D Link
2Dns 320l Firmware
Dns 327l Firmware
May 13, 2026
Aug 25, 2017
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to...Show more
The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token.Show less
CVE-2014-7859
1D Link
5Dnr 320l Firmware
Dnr 326 FirmwareDns 320lw Firmware+2 more
May 13, 2026
Aug 25, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to e...Show more
Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values.Show less