Filtered by vendor D-link
Subscriptions
Total
326 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55581 | 2 D-link, Dlink | 3 Dcs-825l, Dcs-825l, Dcs-825l Firmware | 2025-09-12 | 7.3 High |
| D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the `dcp` and `signalc` binaries without validating their integrity, origin, or permissions. An attacker with filesystem access (e.g., via UART or firmware modification) may replace these binaries to achieve persistent arbitrary code execution with root privileges. The issue stems from improper handling of executable trust and absence of integrity checks in the watchdog logic. | ||||
| CVE-2025-8978 | 2 D-link, Dlink | 3 Dir-619l, Dir-619l, Dir-619l Firmware | 2025-09-12 | 6.6 Medium |
| A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-10093 | 1 D-link | 1 Dir-852 | 2025-09-09 | 5.3 Medium |
| A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-10123 | 1 D-link | 1 Dir-823 | 2025-09-09 | 7.3 High |
| A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub_415028 of the file /goform/set_static_leases. Executing manipulation of the argument Hostname can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-10034 | 1 D-link | 1 Dir-825 | 2025-09-08 | 8.8 High |
| A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the argument ping6_ipaddr results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-9752 | 2 D-link, Dlink | 3 Dir-852, Dir-852, Dir-852 Firmware | 2025-09-04 | 7.3 High |
| A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgi_main of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-9745 | 2 D-link, Dlink | 3 Di-500wf, Di-500wf, Di-500wf Firmware | 2025-09-04 | 4.7 Medium |
| A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /version_upgrade.asp of the component jhttpd. The manipulation of the argument path leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-9769 | 2 D-link, Dlink | 3 Di-7400g+, Di-7400g\+, Di-7400g\+ Firmware | 2025-09-04 | 4.1 Medium |
| A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 > poc.txt` results in command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-9938 | 1 D-link | 1 Di-8400 | 2025-09-04 | 8.8 High |
| A weakness has been identified in D-Link DI-8400 16.07.26A1. The affected element is the function yyxz_dlink_asp of the file /yyxz.asp. This manipulation of the argument ID causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-29514 | 2 D-link, Dlink | 3 Dsl-7740c, Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 9.8 Critical |
| Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request. | ||||
| CVE-2025-29515 | 2 D-link, Dlink | 3 Dsl-7740c, Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 9.8 Critical |
| Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, including the administrator’s password. | ||||
| CVE-2025-29516 | 2 D-link, Dlink | 3 Dsl-7740c, Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 7.2 High |
| D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function. | ||||
| CVE-2025-29517 | 2 D-link, Dlink | 3 Dsl-7740c, Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 6.8 Medium |
| D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function. | ||||
| CVE-2025-29519 | 2 D-link, Dlink | 3 Dsl-7740c, Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 5.3 Medium |
| A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request. | ||||
| CVE-2025-29520 | 2 D-link, Dlink | 3 Dsl-7740c, Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 5.3 Medium |
| Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to arbitrarily change the high-privileged account passwords and escalate privileges. | ||||
| CVE-2025-9727 | 1 D-link | 1 Dir-816l | 2025-09-02 | 6.3 Medium |
| A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2018-25115 | 1 D-link | 7 Dir-110, Dir-412, Dir-600 and 4 more | 2025-08-29 | N/A |
| Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC. | ||||
| CVE-2025-55611 | 2 D-link, Dlink | 3 Dir-619l B1, Dir-619l, Dir-619l Firmware | 2025-08-26 | 9.8 Critical |
| D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter. | ||||
| CVE-2025-55602 | 2 D-link, Dlink | 3 Dir-619l, Dir-619l, Dir-619l Firmware | 2025-08-26 | 9.8 Critical |
| D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-url parameter. | ||||
| CVE-2025-55599 | 2 D-link, Dlink | 3 Dir-619l, Dir-619l, Dir-619l Firmware | 2025-08-26 | 9.8 Critical |
| D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the parameter f_wds_wepKey. | ||||