Filtered by vendor Dlink
Subscriptions
Total
1737 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-5946 | 1 Dlink | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2025-04-11 | N/A |
| The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section. | ||||
| CVE-2013-5730 | 1 Dlink | 2 Dsl-2740b, Dsl-2740b Firmware | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or disable firewall protections via a request to scdmz.cmd, or (3) enable or disable remote management via a save action to scsrvcntr.cmd. | ||||
| CVE-2009-4821 | 1 Dlink | 1 Dir-615 | 2025-04-11 | N/A |
| The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors. | ||||
| CVE-2010-4965 | 1 Dlink | 2 Dcs-2121, Dcs-2121 Firmware | 2025-04-11 | N/A |
| /etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server. | ||||
| CVE-2012-1308 | 1 Dlink | 2 Dsl-2640b, Dsl-2640b Firmware | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. | ||||
| CVE-2011-3992 | 1 Dlink | 6 Des-3800, Des-3800 Firmware, Dwl-2100ap and 3 more | 2025-04-11 | N/A |
| Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. | ||||
| CVE-2012-4046 | 1 Dlink | 2 Dcs-932l, Dcs-932l Firmware | 2025-04-11 | N/A |
| The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value. | ||||
| CVE-2012-5306 | 1 Dlink | 2 Camera Stream Client Activex Control, Dcs-5605 Ptz Ip Network Camera | 2025-04-11 | N/A |
| Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string argument. | ||||
| CVE-2022-46476 | 1 Dlink | 2 Dir-859 A1, Dir-859 A1 Firmware | 2025-04-03 | 9.8 Critical |
| D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function. | ||||
| CVE-2022-46475 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2025-04-03 | 9.8 Critical |
| D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function. | ||||
| CVE-2022-40717 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-04-01 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15727. | ||||
| CVE-2022-40718 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-04-01 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15728. | ||||
| CVE-2022-40719 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-04-01 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd_generic.lua plugin for the xupnpd service, which listens on TCP port 4044 by default. When parsing the feed parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15906. | ||||
| CVE-2022-40720 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-04-01 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the router. Was ZDI-CAN-15935. | ||||
| CVE-2022-41140 | 1 Dlink | 6 Dir-867, Dir-867 Firmware, Dir-878 and 3 more | 2025-04-01 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796. | ||||
| CVE-2022-48108 | 1 Dlink | 2 Dir 878, Dir 878 Firmware | 2025-03-28 | 9.8 Critical |
| D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | ||||
| CVE-2022-48107 | 1 Dlink | 2 Dir 878, Dir 878 Firmware | 2025-03-28 | 9.8 Critical |
| D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | ||||
| CVE-2022-47035 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2025-03-27 | 9.8 Critical |
| Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint. | ||||
| CVE-2022-46552 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2025-03-27 | 8.8 High |
| D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request. | ||||
| CVE-2025-2618 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2025-03-26 | 9.8 Critical |
| A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||