Filtered by vendor D-link
Subscriptions
Total
384 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60561 | 2 D-link, Dlink | 3 Dir-600l, Dir-600l, Dir-600l Firmware | 2025-10-28 | 7.5 High |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail. | ||||
| CVE-2025-60562 | 2 D-link, Dlink | 3 Dir-600l, Dir-600l, Dir-600l Firmware | 2025-10-28 | 7.5 High |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey. | ||||
| CVE-2025-60564 | 2 D-link, Dlink | 3 Dir-600l, Dir-600l, Dir-600l Firmware | 2025-10-28 | 7.5 High |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetLog. | ||||
| CVE-2025-60565 | 2 D-link, Dlink | 3 Dir-600l, Dir-600l, Dir-600l Firmware | 2025-10-28 | 7.5 High |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule. | ||||
| CVE-2025-60563 | 2 D-link, Dlink | 3 Dir-600l, Dir-600l, Dir-600l Firmware | 2025-10-27 | 7.5 High |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr. | ||||
| CVE-2025-12296 | 1 D-link | 1 Dap-2695 | 2025-10-27 | 4.7 Medium |
| A security vulnerability has been detected in D-Link DAP-2695 2.00RC13. The impacted element is the function sub_4174B0 of the component Firmware Update Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-12295 | 1 D-link | 1 Dap-2695 | 2025-10-27 | 6.6 Medium |
| A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function sub_40C6B8 of the component Firmware Update Handler. Executing manipulation can lead to improper verification of cryptographic signature. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-60332 | 2 D-link, Dlink | 3 Dir-823g, Dir-823g, Dir-823g Firmware | 2025-10-24 | 7.5 High |
| A NULL pointer dereference in the SetWLanRadioSettings function of D-Link DIR-823G A1 v1.0.2B05 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2025-34255 | 1 D-link | 1 Nuclias Connect | 2025-10-21 | N/A |
| D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses differ in the `data.exist` boolean value, an unauthenticated remote attacker can enumerate valid email addresses/accounts on the server. NOTE: D-Link states that a fix is under development. | ||||
| CVE-2025-34253 | 1 D-link | 1 Nuclias Connect | 2025-10-21 | N/A |
| D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject arbitrary JavaScript to be executed in the context of other users viewing the profile entry. NOTE: D-Link states that a fix is under development. | ||||
| CVE-2025-34254 | 1 D-link | 1 Nuclias Connect | 2025-10-21 | N/A |
| D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the `error.message`string value, an unauthenticated remote attacker can enumerate valid usernames/accounts on the server. NOTE: D-Link states that a fix is under development. | ||||
| CVE-2025-11665 | 1 D-link | 1 Dap-2695 | 2025-10-20 | 4.7 Medium |
| A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdater_main of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os command injection. The attack may be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-34248 | 1 D-link | 1 Nuclias Connect | 2025-10-14 | N/A |
| D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files impacting the integrity and availability of the system. | ||||
| CVE-2025-61577 | 1 D-link | 1 Dir-816a2 | 2025-10-14 | 7.5 High |
| D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuser parameter in the dir_setWanWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-11488 | 1 D-link | 1 Dir-852 | 2025-10-09 | 7.3 High |
| A weakness has been identified in D-Link DIR-852 up to 20251002. This affects an unknown part of the file /HNAP1/. Executing manipulation can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-11338 | 1 D-link | 1 Di-7100g C1 | 2025-10-08 | 8.8 High |
| A flaw has been found in D-Link DI-7100G C1 up to 20250928. This vulnerability affects the function sub_4C0990 of the file /webchat/login.cgi of the component jhttpd. Executing manipulation of the argument openid can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2025-11339 | 1 D-link | 1 Di-7100g C1 | 2025-10-08 | 8.8 High |
| A vulnerability has been found in D-Link DI-7100G C1 up to 20250928. This issue affects the function sub_4BD4F8 of the file /webchat/hi_block.asp of the component jhttpd. The manipulation of the argument popupId leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-11407 | 1 D-link | 1 Di-7001 Mini | 2025-10-08 | 6.3 Medium |
| A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgrade_filter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-11408 | 1 D-link | 1 Di-7001 Mini | 2025-10-08 | 8.8 High |
| A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-10792 | 2 D-link, Dlink | 3 Dir-513, Dir-513, Dir-513 Firmware | 2025-10-08 | 8.8 High |
| A security vulnerability has been detected in D-Link DIR-513 A1FW110. Affected is an unknown function of the file /goform/formWPS. Such manipulation of the argument webpage leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||