← Back

Dlink

dlink

1,706 CVEs • 918 products

Products (918)

Click to collapse
Toggle
Dir 816 Firmware
dir-816_firmware
73 CVEs
Dir 605l Firmware
dir-605l_firmware
65 CVEs
Dir 619l Firmware
dir-619l_firmware
65 CVEs
Dir 823g Firmware
dir-823g_firmware
58 CVEs
Dap 2622 Firmware
dap-2622_firmware
54 CVEs
Dns 320 Firmware
dns-320_firmware
52 CVEs
Dir 513 Firmware
dir-513_firmware
47 CVEs
Dns 320lw Firmware
dns-320lw_firmware
45 CVEs
Dns 325 Firmware
dns-325_firmware
45 CVEs
Dns 340l Firmware
dns-340l_firmware
45 CVEs
Dns 343 Firmware
dns-343_firmware
43 CVEs
Dns 320l Firmware
dns-320l_firmware
42 CVEs
Dns 120 Firmware
dns-120_firmware
42 CVEs
Dnr 202l Firmware
dnr-202l_firmware
42 CVEs
Dns 315l Firmware
dns-315l_firmware
42 CVEs
Dns 321 Firmware
dns-321_firmware
42 CVEs
Dns 323 Firmware
dns-323_firmware
42 CVEs
Dns 326 Firmware
dns-326_firmware
42 CVEs
Dns 327l Firmware
dns-327l_firmware
42 CVEs
Dnr 326 Firmware
dnr-326_firmware
42 CVEs
Dns 345 Firmware
dns-345_firmware
42 CVEs
Dns 726 4 Firmware
dns-726-4_firmware
42 CVEs
Dns 1100 4 Firmware
dns-1100-4_firmware
42 CVEs
Dns 1200 05 Firmware
dns-1200-05_firmware
42 CVEs
Dns 1550 04 Firmware
dns-1550-04_firmware
42 CVEs
Dir 878 Firmware
dir-878_firmware
41 CVEs
Dir 823x Firmware
dir-823x_firmware
39 CVEs
Dap 1325 Firmware
dap-1325_firmware
37 CVEs
Dir 600l Firmware
dir-600l_firmware
36 CVEs
Di 8003 Firmware
di-8003_firmware
35 CVEs
Dir 882 Firmware
dir-882_firmware
31 CVEs
Dir 850l Firmware
dir-850l_firmware
27 CVEs
Di 8100 Firmware
di-8100_firmware
27 CVEs
Dir 3040 Firmware
dir-3040_firmware
25 CVEs
Dar 7000 Firmware
dar-7000_firmware
23 CVEs
Dir X3260 Firmware
dir-x3260_firmware
23 CVEs
Dwr M960 Firmware
dwr-m960_firmware
22 CVEs
Dns 322l Firmware
dns-322l_firmware
22 CVEs
Dnr 322l Firmware
dnr-322l_firmware
21 CVEs
Di 7003g Firmware
di-7003g_firmware
21 CVEs
G416 Firmware
g416_firmware
21 CVEs
Dir 868l Firmware
dir-868l_firmware
20 CVEs
Dir 825 Firmware
dir-825_firmware
19 CVEs
Dir 615 Firmware
dir-615_firmware
19 CVEs
D View 8
d-view_8
19 CVEs
Dcs 1130 Firmware
dcs-1130_firmware
18 CVEs
Dap 2020 Firmware
dap-2020_firmware
18 CVEs
Dsl 3782 Firmware
dsl-3782_firmware
17 CVEs
Dir 2150 Firmware
dir-2150_firmware
17 CVEs
Dap 1360 Firmware
dap-1360_firmware
16 CVEs
Dir 822 Firmware
dir-822_firmware
16 CVEs
Dir 865l Firmware
dir-865l_firmware
16 CVEs
Dwr M920 Firmware
dwr-m920_firmware
16 CVEs
Dir 816l Firmware
dir-816l_firmware
15 CVEs
Dir 820l Firmware
dir-820l_firmware
15 CVEs
Dir 815 Firmware
dir-815_firmware
15 CVEs
Go Rt Ac750 Firmware
go-rt-ac750_firmware
15 CVEs
Dir 1935 Firmware
dir-1935_firmware
15 CVEs
Di 7200g Firmware
di-7200g_firmware
15 CVEs
Dcs 932l Firmware
dcs-932l_firmware
14 CVEs
Dir 816 A2 Firmware
dir-816_a2_firmware
13 CVEs
Dir 846 Firmware
dir-846_firmware
13 CVEs
Di 7300g+ Firmware
di-7300g+_firmware
13 CVEs
Dir 645 Firmware
dir-645_firmware
12 CVEs
Dcs 1100 Firmware
dcs-1100_firmware
12 CVEs
Di 7400g+ Firmware
di-7400g+_firmware
12 CVEs
Dsr 250n Firmware
dsr-250n_firmware
11 CVEs
Dap 2695 Firmware
dap-2695_firmware
11 CVEs
Central Wifimanager
central_wifimanager
11 CVEs
Di 7100g+ Firmware
di-7100g+_firmware
11 CVEs
Dir 600 Firmware
dir-600_firmware
10 CVEs
Dwr 932b Firmware
dwr-932b_firmware
10 CVEs
Dir 860l Firmware
dir-860l_firmware
10 CVEs
Dir 890l Firmware
dir-890l_firmware
10 CVEs
Dsl 7740c Firmware
dsl-7740c_firmware
10 CVEs
Dir 882 A1 Firmware
dir-882_a1_firmware
10 CVEs
Dsr 250 Firmware
dsr-250_firmware
9 CVEs
Dsr 1000n Firmware
dsr-1000n_firmware
9 CVEs
Dir 809 Firmware
dir-809_firmware
9 CVEs
Dir 880l Firmware
dir-880l_firmware
9 CVEs
Dir 2640 Firmware
dir-2640_firmware
9 CVEs
Dir 845l Firmware
dir-845l_firmware
9 CVEs
Dsr 500 Firmware
dsr-500_firmware
8 CVEs
Dsr 150n Firmware
dsr-150n_firmware
8 CVEs
Dsr 150 Firmware
dsr-150_firmware
8 CVEs
Dsr 500n Firmware
dsr-500n_firmware
8 CVEs
Dir 818l(w) Firmware
dir-818l(w)_firmware
8 CVEs
Dir 300 Firmware
dir-300_firmware
8 CVEs
Dir 859 Firmware
dir-859_firmware
8 CVEs
Di 7200gv2 Firmware
di-7200gv2_firmware
8 CVEs
Dir 823 Pro Firmware
dir-823_pro_firmware
8 CVEs
Dir 619 Firmware
dir-619_firmware
8 CVEs
Dar 8000 Firmware
dar-8000_firmware
8 CVEs
Dir 853 Firmware
dir-853_firmware
8 CVEs
Dir 618 Firmware
dir-618_firmware
8 CVEs
Dcs 2121 Firmware
dcs-2121_firmware
7 CVEs
Dsr 1000 Firmware
dsr-1000_firmware
7 CVEs
Dap 2660 Firmware
dap-2660_firmware
7 CVEs
Dsl 2750u Firmware
dsl-2750u_firmware
7 CVEs
6600 Ap Firmware
6600-ap_firmware
7 CVEs

CVEs (1,706)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-17621
1Dlink
14Dir 818lx Firmware
Dir 822 FirmwareDir 823 Firmware+11 more
Jun 17, 2026
Dec 30, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE reque...Show more
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.Show less
CVE-2014-3136
1Dlink
1Dwr 113 Firmware
Nov 21, 2024
Dec 27, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password...Show more
Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors.Show less
CVE-2019-16327
1Dlink
1Dir 601 Firmware
Jun 17, 2026
Dec 26, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this is an end-of-life prod...Show more
D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this is an end-of-life product.Show less
CVE-2019-16326
1Dlink
1Dir 601 Firmware
Jun 17, 2026
Dec 26, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. A remote attacker could exploit this in conjunction with CVE-2019-16327 to enable remote router management and device compromise. NOTE...Show more
D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. A remote attacker could exploit this in conjunction with CVE-2019-16327 to enable remote router management and device compromise. NOTE: this is an end-of-life product.Show less
CVE-2019-6014
1Dlink
1Dba 1510p Firmware
Jun 17, 2026
Dec 26, 2019
N/A· v4
8.8 HIGH· v3
8.3 HIGH· v2
DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface.
CVE-2019-6013
1Dlink
1Dba 1510p Firmware
Jun 17, 2026
Dec 26, 2019
N/A· v4
6.6 MEDIUM· v3
6.8 MEDIUM· v2
DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).
CVE-2019-19742
1Dlink
1Dir 615 Firmware
Jun 17, 2026
Dec 18, 2019
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.
CVE-2019-19743
1Dlink
1Dir 615 T1 Firmware
Jun 17, 2026
Dec 16, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal.
CVE-2019-19598
1Dlink
1Dap 1860 Firmware
Jun 17, 2026
Dec 5, 2019
N/A· v4
8.8 HIGH· v3
8.3 HIGH· v2
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used t...Show more
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function.Show less
CVE-2019-19597
1Dlink
1Dap 1860 Firmware
Jun 17, 2026
Dec 5, 2019
N/A· v4
8.8 HIGH· v3
8.3 HIGH· v2
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.
CVE-2019-18852
1Dlink
7Dir 600 B1 Firmware
Dir 615 J1 FirmwareDir 645 A1 Firmware+4 more
Jun 17, 2026
Nov 11, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1...Show more
Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.Show less
CVE-2013-4857
1Dlink
1Dir 865l Firmware
Nov 21, 2024
Oct 25, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
D-Link DIR-865L has PHP File Inclusion in the router xml file.
CVE-2013-4856
1Dlink
1Dir 865l Firmware
Nov 21, 2024
Oct 25, 2019
N/A· v4
6.5 MEDIUM· v3
2.9 LOW· v2
D-Link DIR-865L has Information Disclosure.
CVE-2013-4855
1Dlink
1Dir 865l Firmware
Nov 21, 2024
Oct 25, 2019
N/A· v4
8.8 HIGH· v3
7.9 HIGH· v2
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.
CVE-2019-17512
1Dlink
1Dir 412 Firmware
Jun 17, 2026
Oct 16, 2019
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which could be used to era...Show more
There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which could be used to erase attack traces.Show less
CVE-2017-14948
1Dlink
6Dir 868l Firmware
Dir 880l FirmwareDir 885l Firmware+3 more
Nov 21, 2024
Oct 14, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector...Show more
Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution.Show less
CVE-2019-17511
1Dlink
1Dir 412 Firmware
Jun 17, 2026
Oct 14, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can get the router's log file via log_get.php, which could be used to discover the intranet network struc...Show more
There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can get the router's log file via log_get.php, which could be used to discover the intranet network structure.Show less
CVE-2019-17510
1Dlink
1Dir 846 Firmware
Jun 17, 2026
Oct 11, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squas...Show more
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php.Show less
CVE-2019-17509
1Dlink
1Dir 846 Firmware
Jun 17, 2026
Oct 11, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to...Show more
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php.Show less
CVE-2019-17508
1Dlink
2Dir 850l A Firmware
Dir 859 A3 Firmware
Jun 17, 2026
Oct 11, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.