Filtered by vendor Dlink
Total: 1441 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-55581 | 2 D-link, Dlink | 3 Dcs-825l, Dcs-825l, Dcs-825l Firmware | 2025-09-12 | 7.3 High |
D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the `dcp` and `signalc` binaries without validating their integrity, origin, or permissions. An attacker with filesystem access (e.g., via UART or firmware modification) may replace these binaries to achieve persistent arbitrary code execution with root privileges. The issue stems from improper handling of executable trust and absence of integrity checks in the watchdog logic. | ||||
CVE-2025-8978 | 2 D-link, Dlink | 3 Dir-619l, Dir-619l, Dir-619l Firmware | 2025-09-12 | 6.6 Medium |
A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2025-55583 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2025-09-09 | 9.8 Critical |
D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The endpoint /dws/api/UploadFile accepts a pre_api_arg parameter that is passed directly to system-level shell execution functions without sanitization or authentication. Remote attackers can exploit this to execute arbitrary commands as root via crafted HTTP requests. | ||||
CVE-2025-55582 | 1 Dlink | 2 Dcs-825l, Dcs-825l Firmware | 2025-09-09 | 6.6 Medium |
D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported. | ||||
CVE-2025-9752 | 2 D-link, Dlink | 3 Dir-852, Dir-852, Dir-852 Firmware | 2025-09-04 | 7.3 High |
A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgi_main of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2025-9745 | 2 D-link, Dlink | 3 Di-500wf, Di-500wf, Di-500wf Firmware | 2025-09-04 | 4.7 Medium |
A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /version_upgrade.asp of the component jhttpd. The manipulation of the argument path leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
CVE-2025-9769 | 2 D-link, Dlink | 3 Di-7400g+, Di-7400g+, Di-7400g+ Firmware | 2025-09-04 | 4.1 Medium |
A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 > poc.txt` results in command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited. | ||||
CVE-2024-5292 | 1 Dlink | 1 Network Assistant | 2025-09-04 | 7.8 High |
D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DNACore service. The service loads a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21426. | ||||
CVE-2024-43031 | 2 Autman, Dlink | 2 Autman, Autman | 2025-09-03 | 4.3 Medium |
autMan v2.9.6 was discovered to contain an access control issue. | ||||
CVE-2024-43032 | 2 Autman, Dlink | 2 Autman, Autman | 2025-09-03 | 4.3 Medium |
autMan v2.9.6 allows attackers to bypass authentication via a crafted web request. | ||||
CVE-2025-29514 | 2 D-link, Dlink | 3 Dsl-7740c, Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 9.8 Critical |
Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request. | ||||
CVE-2025-29515 | 2 D-link, Dlink | 3 Dsl-7740c, Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 9.8 Critical |
Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, including the administrator’s password. | ||||
CVE-2025-29516 | 2 D-link, Dlink | 3 Dsl-7740c, Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 7.2 High |
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function. | ||||
CVE-2025-29517 | 2 D-link, Dlink | 3 Dsl-7740c, Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 6.8 Medium |
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function. | ||||
CVE-2025-29519 | 2 D-link, Dlink | 3 Dsl-7740c, Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 5.3 Medium |
A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request. | ||||
CVE-2025-29520 | 2 D-link, Dlink | 3 Dsl-7740c, Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 5.3 Medium |
Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to arbitrarily change the high-privileged account passwords and escalate privileges. | ||||
CVE-2025-29521 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 5.3 Medium |
Insecure default credentials for the Administrator account of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allow attackers to escalate privileges via a brute-force attack. | ||||
CVE-2025-29522 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 6.5 Medium |
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping function. | ||||
CVE-2025-57105 | 1 Dlink | 1 Di-7400g+ | 2025-08-26 | 9.8 Critical |
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The issue is in the sub_478D28 function in mng_platform.asp and the sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host. | ||||
CVE-2025-55611 | 2 D-link, Dlink | 3 Dir-619l B1, Dir-619l, Dir-619l Firmware | 2025-08-26 | 9.8 Critical |
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter. |