Filtered by vendor Dlink
Subscriptions
Total
1163 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43644 | 1 Dlink | 4 Dir-825\/ac, Dir-825\/ac Firmware, Dir-825\/ee and 1 more | 2025-02-14 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19461. | ||||
| CVE-2022-43645 | 1 Dlink | 4 Dir-825\/ac, Dir-825\/ac Firmware, Dir-825\/ee and 1 more | 2025-02-14 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IVI plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19462. | ||||
| CVE-2022-43646 | 1 Dlink | 4 Dir-825\/ac, Dir-825\/ac Firmware, Dir-825\/ee and 1 more | 2025-02-14 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Vimeo plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19463. | ||||
| CVE-2024-33774 | 1 Dlink | 1 Dir-619l Firmware | 2025-02-13 | 6.5 Medium |
| A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage." | ||||
| CVE-2024-33772 | 1 Dlink | 1 Dir-619l Firmware | 2025-02-13 | 5.7 Medium |
| A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formTcpipSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "curTime." | ||||
| CVE-2023-24800 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2025-02-13 | 9.8 Critical |
| D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
| CVE-2023-24799 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2025-02-13 | 9.8 Critical |
| D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
| CVE-2023-24798 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2025-02-13 | 9.8 Critical |
| D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
| CVE-2023-24797 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2025-02-13 | 9.8 Critical |
| D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack overflow in the sub_48AC20 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
| CVE-2023-27720 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2025-02-12 | 9.8 Critical |
| D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
| CVE-2023-27719 | 1 Dlink | 2 Dir878, Dir878 Firmware | 2025-02-12 | 9.8 Critical |
| D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_478360 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
| CVE-2022-43648 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2025-02-12 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 1.20B03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MiniDLNA service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the MiniDLNA service. Was ZDI-CAN-19910. | ||||
| CVE-2023-27718 | 1 Dlink | 2 Dir878, Dir878 Firmware | 2025-02-11 | 9.8 Critical |
| D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_498308 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
| CVE-2023-26822 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-02-11 | 9.8 Critical |
| D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main. | ||||
| CVE-2023-27216 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2025-02-10 | 8.8 High |
| An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page. | ||||
| CVE-2023-29665 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-02-06 | 9.8 Critical |
| D-Link DIR823G_V1.0.2B05 was discovered to contain a stack overflow via the NewPassword parameters in SetPasswdSettings. | ||||
| CVE-2022-40946 | 1 Dlink | 2 Dir-819, Dir-819 Firmware | 2025-02-06 | 7.5 High |
| On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request. | ||||
| CVE-2023-32146 | 1 Dlink | 1 Dap-1360 | 2025-02-05 | 8.8 High |
| D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /cgi-bin/webproc endpoint. When parsing the errorpage and nextpage parameters, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18746. | ||||
| CVE-2023-32143 | 1 Dlink | 1 Dap-1360 | 2025-02-05 | 8.8 High |
| D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webupg endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18423. | ||||
| CVE-2023-32140 | 1 Dlink | 1 Dap-1360 | 2025-02-05 | 7.5 High |
| D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:sys_Token parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18418. | ||||