Filtered by vendor Dlink
Subscriptions
Total
1170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26822 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-02-11 | 9.8 Critical |
| D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main. | ||||
| CVE-2023-27216 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2025-02-10 | 8.8 High |
| An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page. | ||||
| CVE-2023-29665 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-02-06 | 9.8 Critical |
| D-Link DIR823G_V1.0.2B05 was discovered to contain a stack overflow via the NewPassword parameters in SetPasswdSettings. | ||||
| CVE-2022-40946 | 1 Dlink | 2 Dir-819, Dir-819 Firmware | 2025-02-06 | 7.5 High |
| On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request. | ||||
| CVE-2023-32146 | 1 Dlink | 1 Dap-1360 | 2025-02-05 | 8.8 High |
| D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /cgi-bin/webproc endpoint. When parsing the errorpage and nextpage parameters, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18746. | ||||
| CVE-2023-32143 | 1 Dlink | 1 Dap-1360 | 2025-02-05 | 8.8 High |
| D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webupg endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18423. | ||||
| CVE-2023-32140 | 1 Dlink | 1 Dap-1360 | 2025-02-05 | 7.5 High |
| D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:sys_Token parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18418. | ||||
| CVE-2023-30063 | 1 Dlink | 2 Dir-890l, Dir-890l Firmware | 2025-01-30 | 7.5 High |
| D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass. | ||||
| CVE-2023-30061 | 1 Dlink | 2 Dir-879, Dir-879 Firmware | 2025-01-30 | 7.5 High |
| D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi. | ||||
| CVE-2023-29961 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-01-23 | 9.8 Critical |
| D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup, | ||||
| CVE-2023-31814 | 1 Dlink | 2 Dir-300, Dir-300 Firmware | 2025-01-17 | 9.8 Critical |
| D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php. | ||||
| CVE-2023-33735 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2025-01-10 | 9.8 Critical |
| D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface. | ||||
| CVE-2022-37056 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-01-09 | 9.8 Critical |
| D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main, | ||||
| CVE-2019-10891 | 1 Dlink | 2 Dir-806, Dir-806 Firmware | 2025-01-09 | 9.8 Critical |
| An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP header. | ||||
| CVE-2023-33781 | 1 Dlink | 2 Dir-842v2, Dir-842v2 Firmware | 2025-01-07 | 8.8 High |
| An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file. | ||||
| CVE-2023-33782 | 1 Dlink | 2 Dir-842v2, Dir-842v2 Firmware | 2025-01-06 | 8.8 High |
| D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function. | ||||
| CVE-2023-34856 | 1 Dlink | 2 Di-7500g-ci, Di-7500g-ci Firmware | 2025-01-06 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi. | ||||
| CVE-2022-37057 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-01-06 | 9.8 Critical |
| D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main. | ||||
| CVE-2022-37055 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-01-06 | 9.8 Critical |
| D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main, | ||||
| CVE-2023-33625 | 1 Dlink | 2 Dir-600, Dir-600 Firmware | 2025-01-03 | 9.8 Critical |
| D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function. | ||||