Dlink

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-25279 1Dlink 1Dir 820l Firmware Jun 17, 2026 Mar 13, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload.
CVE-2023-24762 1Dlink 1Dir 867 Firmware Jun 17, 2026 Mar 13, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1.
CVE-2023-25283 1Dlink 1Dir 820l Firmware Jun 17, 2026 Mar 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the reserveDHCP_HostName_1.1.1.0 parameter to lan.asp.
CVE-2023-0127 1Dlink 1Dwl 2600ap Firmware Jun 17, 2026 Feb 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root.
CVE-2023-24352 1Dlink 1Dir 605l Firmware Jun 17, 2026 Feb 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS.
CVE-2023-24351 1Dlink 1Dir 605l Firmware Jun 17, 2026 Feb 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin.
CVE-2023-24350 1Dlink 1Dir 605l Firmware Jun 17, 2026 Feb 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail.
CVE-2023-24349 1Dlink 1Dir 605l Firmware Jun 17, 2026 Feb 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute.
CVE-2023-24348 1Dlink 1Dir 605l Firmware Jun 17, 2026 Feb 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter.
CVE-2023-24347 1Dlink 1Dir 605l Firmware Jun 17, 2026 Feb 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus.
CVE-2023-24346 1Dlink 1Dir 605l Firmware Jun 17, 2026 Feb 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3.
CVE-2023-24345 1Dlink 1Dir 605l Firmware Jun 17, 2026 Feb 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus.
CVE-2023-24344 1Dlink 1Dir 605l Firmware Jun 17, 2026 Feb 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup.
CVE-2023-24343 1Dlink 1Dir 605l Firmware Jun 17, 2026 Feb 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule.
CVE-2022-46552 1Dlink 1Dir 846 Firmware Jun 17, 2026 Feb 2, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.
CVE-2022-47035 1Dlink 1Dir 825 Firmware Jun 17, 2026 Jan 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.
CVE-2022-48108 1Dlink 1Dir 878 Firmware Jun 17, 2026 Jan 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payl...Show more D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload.Show less
CVE-2022-48107 1Dlink 1Dir 878 Firmware Jun 17, 2026 Jan 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted paylo...Show more D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload.Show less
CVE-2022-41140 1Dlink 3Dir 867 Firmware Dir 878 FirmwareDir 882 Us Firmware Jun 17, 2026 Jan 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...Show more This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796.Show less
CVE-2022-40720 1Dlink 1Dir 2150 Firmware Jun 17, 2026 Jan 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific fl...Show more This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the router. Was ZDI-CAN-15935.Show less

Previous 1...555657...86 Next