Dlink

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-40719 1Dlink 1Dir 2150 Firmware Jun 17, 2026 Jan 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific fl...Show more This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd_generic.lua plugin for the xupnpd service, which listens on TCP port 4044 by default. When parsing the feed parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15906.Show less
CVE-2022-40718 1Dlink 1Dir 2150 Firmware Jun 17, 2026 Jan 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...Show more This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15728.Show less
CVE-2022-40717 1Dlink 1Dir 2150 Firmware Jun 17, 2026 Jan 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...Show more This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15727.Show less
CVE-2022-46476 1Dlink 1Dir 859 A1 Firmware Jun 17, 2026 Jan 19, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function.
CVE-2022-46475 1Dlink 1Dir 645 Firmware Jun 17, 2026 Jan 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function.
CVE-2022-46570 1Dlink 1Dir 882 A1 Firmware Jun 17, 2026 Dec 23, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan3Settings module.
CVE-2022-46569 1Dlink 1Dir 882 A1 Firmware Jun 17, 2026 Dec 23, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Key parameter in the SetWLanRadioSecurity module.
CVE-2022-46568 1Dlink 1Dir 882 A1 Firmware Jun 17, 2026 Dec 23, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the AccountPassword parameter in the SetSysEmailSettings module.
CVE-2022-46566 1Dlink 1Dir 882 A1 Firmware Jun 17, 2026 Dec 23, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetQuickVPNSettings module.
CVE-2022-46563 1Dlink 1Dir 882 A1 Firmware Jun 17, 2026 Dec 23, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetDynamicDNSSettings module.
CVE-2022-46562 1Dlink 1Dir 882 A1 Firmware Jun 17, 2026 Dec 23, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the PSK parameter in the SetQuickVPNSettings module.
CVE-2022-46561 1Dlink 1Dir 882 A1 Firmware Jun 17, 2026 Dec 23, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWanSettings module.
CVE-2022-46560 1Dlink 1Dir 882 A1 Firmware Jun 17, 2026 Dec 23, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan2Settings module.
CVE-2022-46642 1Dlink 1Dir 846 Firmware Jun 17, 2026 Dec 23, 2022 N/A· v4 9.9 CRITICAL· v3 N/A· v2 D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function.
CVE-2022-46641 1Dlink 1Dir 846 Firmware Jun 17, 2026 Dec 23, 2022 N/A· v4 9.9 CRITICAL· v3 N/A· v2 D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function.
CVE-2022-38873 1Dlink 9Dap 2310 Firmware Dap 2330 FirmwareDap 2360 Firmware+6 more Jun 17, 2026 Dec 20, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-269...Show more D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-3662 v1.05rc047 and earlier allows attackers to cause a Denial of Service (DoS) via uploading a crafted firmware after modifying the firmware header.Show less
CVE-2022-46076 1Dlink 2Dir 869 Firmware Dir 869ax Firmware Jun 17, 2026 Dec 20, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi.
CVE-2022-44832 1Dlink 1Dir 3040 Firmware Jun 17, 2026 Dec 14, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.
CVE-2022-44930 1Dlink 1Dhp W310av Firmware Jun 17, 2026 Dec 2, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.
CVE-2022-40799 1Dlink 1Dnr 322l Firmware Jun 17, 2026 Nov 29, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device.

Previous 1...565758...86 Next