Dlink

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-10822 1Dlink 8Dir 140l Firmware Dir 640l FirmwareDwr 111 Firmware+5 more Nov 21, 2024 Oct 17, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02,...Show more Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.Show less
CVE-2018-17443 1Dlink 1Central Wifimanager Nov 21, 2024 Oct 8, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.
CVE-2018-17442 1Dlink 1Central Wifimanager Nov 21, 2024 Oct 8, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.
CVE-2018-17441 1Dlink 1Central Wifimanager Nov 21, 2024 Oct 8, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.
CVE-2018-17440 1Dlink 1Central Wifimanager Nov 21, 2024 Oct 8, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a rem...Show more An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.Show less
CVE-2018-17068 1Dlink 1Dir 816 A2 Firmware Nov 21, 2024 Sep 15, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection...Show more An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.Show less
CVE-2018-17067 1Dlink 1Dir 816 A2 Firmware Nov 21, 2024 Sep 15, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address.
CVE-2018-17066 1Dlink 1Dir 816 A2 Firmware Nov 21, 2024 Sep 15, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command in...Show more An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter.Show less
CVE-2018-17065 1Dlink 1Dir 816 A2 Firmware Nov 21, 2024 Sep 15, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address.
CVE-2018-17064 1Dlink 1Dir 816 A2 Firmware Nov 21, 2024 Sep 15, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command inje...Show more An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked.Show less
CVE-2018-17063 1Dlink 1Dir 816 A2 Firmware Nov 21, 2024 Sep 15, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command...Show more An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.Show less
CVE-2018-16605 1Dlink 1Dir 600m Firmware Nov 21, 2024 Sep 12, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page.
CVE-2018-12710 1Dlink 1Dir 601 Firmware Nov 21, 2024 Aug 29, 2018 N/A· v4 8.0 HIGH· v3 2.7 LOW· v2 An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to...Show more An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML.Show less
CVE-2018-15839 1Dlink 1Dir 615 Firmware Nov 21, 2024 Aug 28, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.
CVE-2018-15875 1Dlink 1Dir 615 Firmware Nov 21, 2024 Aug 25, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.
CVE-2018-15874 1Dlink 1Dir 615 Firmware Nov 21, 2024 Aug 25, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.
CVE-2017-11564 1Dlink 1Eyeon Baby Monitor Firmware Nov 21, 2024 Aug 24, 2018 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. An attacker can forge malicious HTTP requests to execute commands; authentication is required b...Show more The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. An attacker can forge malicious HTTP requests to execute commands; authentication is required before executing the attack.Show less
CVE-2017-11563 1Dlink 1Eyeon Baby Monitor Firmware Nov 21, 2024 Aug 24, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was install...Show more D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform stack overflow and execute arbitrary code with root privilege on the device.Show less
CVE-2016-6563 1Dlink 9Dir 818l(w) Firmware Dir 822 FirmwareDir 823 Firmware+6 more Nov 21, 2024 Jul 13, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPasswo...Show more Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.Show less
CVE-2018-12103 2D Link Dlink 3Dir 885l/r Firmware Dir 890l FirmwareDir 895l/r Firmware Nov 21, 2024 Jul 5, 2018 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisio...Show more An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point.Show less

Previous 1...787980...86 Next