← Back

Dlink

dlink

1,706 CVEs • 918 products

Products (918)

Click to collapse
Toggle
Dir 816 Firmware
dir-816_firmware
73 CVEs
Dir 605l Firmware
dir-605l_firmware
65 CVEs
Dir 619l Firmware
dir-619l_firmware
65 CVEs
Dir 823g Firmware
dir-823g_firmware
58 CVEs
Dap 2622 Firmware
dap-2622_firmware
54 CVEs
Dns 320 Firmware
dns-320_firmware
52 CVEs
Dir 513 Firmware
dir-513_firmware
47 CVEs
Dns 320lw Firmware
dns-320lw_firmware
45 CVEs
Dns 325 Firmware
dns-325_firmware
45 CVEs
Dns 340l Firmware
dns-340l_firmware
45 CVEs
Dns 343 Firmware
dns-343_firmware
43 CVEs
Dns 320l Firmware
dns-320l_firmware
42 CVEs
Dns 120 Firmware
dns-120_firmware
42 CVEs
Dnr 202l Firmware
dnr-202l_firmware
42 CVEs
Dns 315l Firmware
dns-315l_firmware
42 CVEs
Dns 321 Firmware
dns-321_firmware
42 CVEs
Dns 323 Firmware
dns-323_firmware
42 CVEs
Dns 326 Firmware
dns-326_firmware
42 CVEs
Dns 327l Firmware
dns-327l_firmware
42 CVEs
Dnr 326 Firmware
dnr-326_firmware
42 CVEs
Dns 345 Firmware
dns-345_firmware
42 CVEs
Dns 726 4 Firmware
dns-726-4_firmware
42 CVEs
Dns 1100 4 Firmware
dns-1100-4_firmware
42 CVEs
Dns 1200 05 Firmware
dns-1200-05_firmware
42 CVEs
Dns 1550 04 Firmware
dns-1550-04_firmware
42 CVEs
Dir 878 Firmware
dir-878_firmware
41 CVEs
Dir 823x Firmware
dir-823x_firmware
39 CVEs
Dap 1325 Firmware
dap-1325_firmware
37 CVEs
Dir 600l Firmware
dir-600l_firmware
36 CVEs
Di 8003 Firmware
di-8003_firmware
35 CVEs
Dir 882 Firmware
dir-882_firmware
31 CVEs
Dir 850l Firmware
dir-850l_firmware
27 CVEs
Di 8100 Firmware
di-8100_firmware
27 CVEs
Dir 3040 Firmware
dir-3040_firmware
25 CVEs
Dar 7000 Firmware
dar-7000_firmware
23 CVEs
Dir X3260 Firmware
dir-x3260_firmware
23 CVEs
Dwr M960 Firmware
dwr-m960_firmware
22 CVEs
Dns 322l Firmware
dns-322l_firmware
22 CVEs
Dnr 322l Firmware
dnr-322l_firmware
21 CVEs
Di 7003g Firmware
di-7003g_firmware
21 CVEs
G416 Firmware
g416_firmware
21 CVEs
Dir 868l Firmware
dir-868l_firmware
20 CVEs
Dir 825 Firmware
dir-825_firmware
19 CVEs
Dir 615 Firmware
dir-615_firmware
19 CVEs
D View 8
d-view_8
19 CVEs
Dcs 1130 Firmware
dcs-1130_firmware
18 CVEs
Dap 2020 Firmware
dap-2020_firmware
18 CVEs
Dsl 3782 Firmware
dsl-3782_firmware
17 CVEs
Dir 2150 Firmware
dir-2150_firmware
17 CVEs
Dap 1360 Firmware
dap-1360_firmware
16 CVEs
Dir 822 Firmware
dir-822_firmware
16 CVEs
Dir 865l Firmware
dir-865l_firmware
16 CVEs
Dwr M920 Firmware
dwr-m920_firmware
16 CVEs
Dir 816l Firmware
dir-816l_firmware
15 CVEs
Dir 820l Firmware
dir-820l_firmware
15 CVEs
Dir 815 Firmware
dir-815_firmware
15 CVEs
Go Rt Ac750 Firmware
go-rt-ac750_firmware
15 CVEs
Dir 1935 Firmware
dir-1935_firmware
15 CVEs
Di 7200g Firmware
di-7200g_firmware
15 CVEs
Dcs 932l Firmware
dcs-932l_firmware
14 CVEs
Dir 816 A2 Firmware
dir-816_a2_firmware
13 CVEs
Dir 846 Firmware
dir-846_firmware
13 CVEs
Di 7300g+ Firmware
di-7300g+_firmware
13 CVEs
Dir 645 Firmware
dir-645_firmware
12 CVEs
Dcs 1100 Firmware
dcs-1100_firmware
12 CVEs
Di 7400g+ Firmware
di-7400g+_firmware
12 CVEs
Dsr 250n Firmware
dsr-250n_firmware
11 CVEs
Dap 2695 Firmware
dap-2695_firmware
11 CVEs
Central Wifimanager
central_wifimanager
11 CVEs
Di 7100g+ Firmware
di-7100g+_firmware
11 CVEs
Dir 600 Firmware
dir-600_firmware
10 CVEs
Dwr 932b Firmware
dwr-932b_firmware
10 CVEs
Dir 860l Firmware
dir-860l_firmware
10 CVEs
Dir 890l Firmware
dir-890l_firmware
10 CVEs
Dsl 7740c Firmware
dsl-7740c_firmware
10 CVEs
Dir 882 A1 Firmware
dir-882_a1_firmware
10 CVEs
Dsr 250 Firmware
dsr-250_firmware
9 CVEs
Dsr 1000n Firmware
dsr-1000n_firmware
9 CVEs
Dir 809 Firmware
dir-809_firmware
9 CVEs
Dir 880l Firmware
dir-880l_firmware
9 CVEs
Dir 2640 Firmware
dir-2640_firmware
9 CVEs
Dir 845l Firmware
dir-845l_firmware
9 CVEs
Dsr 500 Firmware
dsr-500_firmware
8 CVEs
Dsr 150n Firmware
dsr-150n_firmware
8 CVEs
Dsr 150 Firmware
dsr-150_firmware
8 CVEs
Dsr 500n Firmware
dsr-500n_firmware
8 CVEs
Dir 818l(w) Firmware
dir-818l(w)_firmware
8 CVEs
Dir 300 Firmware
dir-300_firmware
8 CVEs
Dir 859 Firmware
dir-859_firmware
8 CVEs
Di 7200gv2 Firmware
di-7200gv2_firmware
8 CVEs
Dir 823 Pro Firmware
dir-823_pro_firmware
8 CVEs
Dir 619 Firmware
dir-619_firmware
8 CVEs
Dar 8000 Firmware
dar-8000_firmware
8 CVEs
Dir 853 Firmware
dir-853_firmware
8 CVEs
Dir 618 Firmware
dir-618_firmware
8 CVEs
Dcs 2121 Firmware
dcs-2121_firmware
7 CVEs
Dsr 1000 Firmware
dsr-1000_firmware
7 CVEs
Dap 2660 Firmware
dap-2660_firmware
7 CVEs
Dsl 2750u Firmware
dsl-2750u_firmware
7 CVEs
6600 Ap Firmware
6600-ap_firmware
7 CVEs

CVEs (1,706)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-26810
1Dlink
1Dir 816 Firmware
Jun 17, 2026
Mar 30, 2021
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to...Show more
D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser parameter.Show less
CVE-2021-28143
1Dlink
1Dir 841 Firmware
Jun 17, 2026
Mar 11, 2021
N/A· v4
8.0 HIGH· v3
7.7 HIGH· v2
/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools).
CVE-2021-28144
1Dlink
1Dir 3060 Firmware
Jun 17, 2026
Mar 11, 2021
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen u...Show more
prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely.Show less
CVE-2020-27865
1Dlink
1Dap 1860 Firmware
Jun 17, 2026
Feb 12, 2021
N/A· v4
8.8 HIGH· v3
8.3 HIGH· v2
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerab...Show more
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the device. Was ZDI-CAN-10894.Show less
CVE-2020-27864
1Dlink
1Dap 1860 Firmware
Jun 17, 2026
Feb 12, 2021
N/A· v4
8.8 HIGH· v3
8.3 HIGH· v2
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerab...Show more
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the Authorization request header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10880.Show less
CVE-2020-27863
1Dlink
2Dsl 2888a Firmware
Dva 2800 Firmware
Jun 17, 2026
Feb 12, 2021
N/A· v4
6.5 MEDIUM· v3
3.3 LOW· v2
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The...Show more
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10912.Show less
CVE-2020-27862
1Dlink
2Dsl 2888a Firmware
Dva 2800 Firmware
Jun 17, 2026
Feb 12, 2021
N/A· v4
8.8 HIGH· v3
5.8 MEDIUM· v2
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specifi...Show more
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. When parsing the path parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-10911.Show less
CVE-2020-18568
1Dlink
2Dsr 1000n Firmware
Dsr 250 Firmware
Jun 17, 2026
Feb 2, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution.
CVE-2020-25506
1Dlink
1Dns 320 Firmware
Jun 17, 2026
Feb 2, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.
CVE-2020-29557
1Dlink
1Dir 825 R1 Firmware
Jun 17, 2026
Jan 29, 2021
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.
CVE-2021-3182
1Dlink
1Dcs 5220 Firmware
Jun 17, 2026
Jan 19, 2021
N/A· v4
8.0 HIGH· v3
7.7 HIGH· v2
D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2020-24577
1Dlink
1Dsl 2888a Firmware
Jun 17, 2026
Jan 8, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider...Show more
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application's response body for a /tmp/var/passwd or /tmp/home/wan_stat URI.Show less
CVE-2019-12768
1Dlink
1Dap 1650 Firmware
Jun 17, 2026
Dec 30, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing.
CVE-2020-24581
1Dlink
1Dsl2888a Firmware
Jun 17, 2026
Dec 22, 2020
N/A· v4
8.0 HIGH· v3
7.7 HIGH· v2
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user ex...Show more
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute Operating System commands.Show less
CVE-2020-24580
1Dlink
1Dsl2888a Firmware
Jun 17, 2026
Dec 22, 2020
N/A· v4
7.5 HIGH· v3
5.4 MEDIUM· v2
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Lack of authentication functionality allows an attacker to assign a static IP address that was once used by a valid user.
CVE-2020-24579
1Dlink
1Dsl2888a Firmware
Jun 17, 2026
Dec 22, 2020
N/A· v4
8.8 HIGH· v3
5.8 MEDIUM· v2
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.
CVE-2020-24578
1Dlink
1Dsl2888a Firmware
Jun 17, 2026
Dec 22, 2020
N/A· v4
6.5 MEDIUM· v3
3.3 LOW· v2
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive file...Show more
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file).Show less
CVE-2020-25759
1Dlink
10Dsr 1000 Firmware
Dsr 1000ac FirmwareDsr 1000n Firmware+7 more
Jun 17, 2026
Dec 15, 2020
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation...Show more
An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.Show less
CVE-2020-25758
1Dlink
10Dsr 1000 Firmware
Dsr 1000ac FirmwareDsr 1000n Firmware+7 more
Jun 17, 2026
Dec 15, 2020
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations b...Show more
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.Show less
CVE-2020-25757
1Dlink
10Dsr 1000 Firmware
Dsr 1000ac FirmwareDsr 1000n Firmware+7 more
Jun 17, 2026
Dec 15, 2020
N/A· v4
8.8 HIGH· v3
8.3 HIGH· v2
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This...Show more
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17.Show less