Dlink

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-7736 1Dlink 1Dir 600m Firmware Jun 17, 2026 Feb 11, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. NOTE: this may overlap CVE-2019-13101.
CVE-2019-7390 1Dlink 1Dir 823g Firmware Jun 17, 2026 Feb 5, 2019 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, wi...Show more An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API.Show less
CVE-2019-7389 1Dlink 1Dir 823g Firmware Jun 17, 2026 Feb 5, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefau...Show more An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a denial-of-service attack without authentication.Show less
CVE-2019-7388 1Dlink 1Dir 823g Firmware Jun 17, 2026 Feb 5, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients i...Show more An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication.Show less
CVE-2019-7298 1Dlink 1Dir 823g Firmware Jun 17, 2026 Feb 1, 2019 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNA...Show more An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input.Show less
CVE-2018-15517 1Dlink 1Central Wifimanager Nov 21, 2024 Jan 31, 2019 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as dem...Show more The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI.Show less
CVE-2018-15516 1Dlink 1Central Wifimanager Nov 21, 2024 Jan 31, 2019 N/A· v4 5.8 MEDIUM· v3 3.5 LOW· v2 The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.
CVE-2018-15515 1Dlink 1Central Wifimanager Nov 21, 2024 Jan 31, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged lo...Show more The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.Show less
CVE-2018-20675 1Dlink 4Dir 822 Us Firmware Dir 822 FirmwareDir 850l Firmware+1 more Nov 21, 2024 Jan 9, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass.
CVE-2018-20674 1Dlink 4Dir 822 Us Firmware Dir 822 FirmwareDir 850l Firmware+1 more Nov 21, 2024 Jan 9, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command e...Show more D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution.Show less
CVE-2018-20114 1Dlink 2Dir 818l(w) Firmware Dir 860l Firmware Nov 21, 2024 Jan 2, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter....Show more On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530.Show less
CVE-2018-20445 1Dlink 2Dcm 604 Firmware Dcm 704 Firmware Nov 21, 2024 Dec 25, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2....Show more D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests.Show less
CVE-2018-18009 1Dlink 2Dir 140l Firmware Dir 640l Firmware Nov 21, 2024 Dec 21, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials.
CVE-2018-18008 1Dlink 7Dir 140l Firmware Dir 640l FirmwareDsl 2770l Firmware+4 more Nov 21, 2024 Dec 21, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials.
CVE-2018-18007 1Dlink 1Dsl 2770l Firmware Nov 21, 2024 Dec 21, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials.
CVE-2018-18767 2D Link Dlink 2Dcs 825l Firmware Mydlink Baby Camera Monitor Nov 21, 2024 Dec 20, 2018 N/A· v4 7.0 HIGH· v3 1.9 LOW· v2 An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 8...Show more An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials.Show less
CVE-2018-18441 2D Link Dlink 18Dcs 2102 Firmware Dcs 2121 FirmwareDcs 2630l Firmware+15 more Nov 21, 2024 Dec 20, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L,...Show more D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.Show less
CVE-2018-17777 1Dlink 1Dva 5592 Firmware Nov 21, 2024 Dec 18, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the co...Show more An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have access to the router control panel with administrator privileges.Show less
CVE-2018-10824 1Dlink 8Dir 140l Firmware Dir 640l FirmwareDwr 111 Firmware+5 more Nov 21, 2024 Oct 17, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devic...Show more An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access.Show less
CVE-2018-10823 1Dlink 4Dwr 111 Firmware Dwr 116 FirmwareDwr 512 Firmware+1 more Nov 21, 2024 Oct 17, 2018 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbi...Show more An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.Show less

Previous 1...777879...86 Next