Filtered by vendor D-link
Subscribe
Search
Total
77 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8361 | 2 D-link, Realtek | 11 Dir-600l, Dir-600l Firmware, Dir-605l and 8 more | 2021-04-09 | 10.0 HIGH | N/A |
| The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request. | |||||
| CVE-2006-3687 | 1 D-link | 7 Di-524, Di-604 Broadband Router, Di-624 and 4 more | 2018-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. | |||||
| CVE-2006-2901 | 1 D-link | 1 Dwl-2100ap | 2018-10-18 | 5.0 MEDIUM | N/A |
| The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords. | |||||
| CVE-2006-2653 | 1 D-link | 1 Dsa-3100 Airspot Gateway | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter. | |||||
| CVE-2006-2337 | 1 D-link | 1 Dsl-g604t | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter. | |||||
| CVE-2006-0784 | 1 D-link | 1 Dwl-g700ap | 2018-10-18 | 5.0 MEDIUM | N/A |
| D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments. | |||||
| CVE-2006-6538 | 1 D-link | 1 Dwl-2000ap\+ | 2018-10-17 | 7.8 HIGH | N/A |
| D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link. | |||||
| CVE-2006-5538 | 1 D-link | 1 Dsl-g624t | 2018-10-17 | 5.0 MEDIUM | N/A |
| D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request. | |||||
| CVE-2006-5536 | 1 D-link | 1 Dsl-g624t | 2018-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter. | |||||
| CVE-2006-5537 | 1 D-link | 1 Dsl-g624t | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters. | |||||
| CVE-2008-4133 | 1 D-link | 1 Dir-100 | 2018-10-11 | 4.3 MEDIUM | N/A |
| The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters. | |||||
| CVE-2008-1266 | 1 D-link | 1 Di-524 | 2018-10-11 | 7.8 HIGH | N/A |
| Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value. | |||||
| CVE-2008-1258 | 1 D-link | 1 Di-604 | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter. | |||||
| CVE-2008-1253 | 1 D-link | 1 Dsl-g604t | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page. | |||||
| CVE-2010-2292 | 1 D-link | 1 Di-604 | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field. | |||||
| CVE-2010-2293 | 1 D-link | 1 Di-604 | 2018-10-10 | 6.8 MEDIUM | N/A |
| The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size. | |||||
| CVE-2015-5999 | 1 D-link | 2 Dir-816l, Dir-816l Firmware | 2018-10-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi. | |||||
| CVE-2001-1137 | 1 D-link | 1 Dl-704 | 2017-12-19 | 5.0 MEDIUM | N/A |
| D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments. | |||||
| CVE-2008-4771 | 3 4xem, D-link, Vivotek | 3 Vatctrl Class, Mpeg4 Shm Audio Control, Rtsp Mpeg4 Sp Control | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2015-2049 | 1 D-link | 2 Dcs-931l, Dcs-931l Firmware | 2017-09-10 | 9.0 HIGH | N/A |
| Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. | |||||
| CVE-2014-9238 | 1 D-link | 2 Dcs-2103 Hd Cube Network Camera, Dcs-2103 Hd Cube Network Camera Firmware | 2017-09-09 | 5.0 MEDIUM | N/A |
| D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character. | |||||
| CVE-2014-100005 | 1 D-link | 2 Dir-60, Dir-600 Firmware | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. | |||||
| CVE-2013-7321 | 1 D-link | 2 Dap 2253, Dap 2253 Firmware | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5306 | 1 D-link | 2 Camera Stream Client Activex Control, Dcs-5605 Ptz Ip Network Camera | 2017-08-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string argument. | |||||
| CVE-2010-0936 | 1 D-link | 1 Dkvm-ip8 | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter. | |||||
| CVE-2007-3347 | 1 D-link | 2 Dph-540, Dph-541 | 2017-07-29 | 7.8 HIGH | N/A |
| The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID. | |||||
| CVE-2007-3348 | 1 D-link | 2 Dph-540, Dph-541 | 2017-07-29 | 7.8 HIGH | N/A |
| The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message. | |||||
| CVE-2007-0933 | 2 D-link, Microsoft | 2 Dwl-g650\+, Windows Xp | 2017-07-29 | 7.8 HIGH | N/A |
| Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element. | |||||
| CVE-2003-1346 | 1 D-link | 1 Dwl-900ap\+ | 2017-07-29 | 10.0 HIGH | N/A |
| D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager. | |||||
| CVE-2005-4723 | 1 D-link | 3 Di-524, Di-624, Di-784 | 2017-07-20 | 5.0 MEDIUM | N/A |
| D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. | |||||
| CVE-2004-1650 | 1 D-link | 1 Dcs-900 Internet Camera | 2017-07-11 | 7.5 HIGH | N/A |
| D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet. | |||||
| CVE-2004-0615 | 1 D-link | 3 Di-614\+, Di-624, Di-704p | 2017-07-11 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request. | |||||
| CVE-2004-0661 | 1 D-link | 3 Di-604, Di-614\+, Di-624 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years. | |||||
| CVE-2015-2050 | 1 D-link | 2 Dap-1320, Dap-1320 Firmware | 2017-03-24 | 10.0 HIGH | N/A |
| D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2015-2051 | 1 D-link | 2 Dir-645, Dir-645 Firmware | 2016-12-31 | 10.0 HIGH | N/A |
| The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | |||||
| CVE-2015-2052 | 1 D-link | 2 Dir-645, Dir-645 Firmware | 2016-12-31 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface. | |||||
| CVE-2013-7389 | 1 D-link | 2 Dir-645, Dir-645 Firmware | 2016-12-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php. | |||||
| CVE-2005-1827 | 1 D-link | 1 Dsl-504t | 2016-10-18 | 7.5 HIGH | N/A |
| D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg. | |||||
| CVE-2005-1828 | 1 D-link | 1 Dsl-504t | 2016-10-18 | 7.5 HIGH | N/A |
| D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-1680 | 1 D-link | 4 Dsl-502t, Dsl-504t, Dsl-562t and 1 more | 2016-10-18 | 7.5 HIGH | N/A |
| D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address. | |||||
| CVE-2002-1068 | 1 D-link | 1 Dp-303 | 2016-10-18 | 5.0 MEDIUM | N/A |
| The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request. | |||||
| CVE-2002-1069 | 1 D-link | 1 Di-804 | 2016-10-18 | 5.0 MEDIUM | N/A |
| The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Information. | |||||
| CVE-2014-3936 | 1 D-link | 6 Dir-505l Shareport Mobile Companion, Dir505 Shareport Mobile Companion, Dir505 Shareport Mobile Companion Firmware and 3 more | 2015-10-08 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request. | |||||
| CVE-2014-3872 | 1 D-link | 2 Dap-1350, Dap-1350 Firmware | 2015-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password. | |||||
| CVE-2014-4645 | 1 D-link | 1 Dsl-2760u-e1 | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname. | |||||
| CVE-2012-4046 | 1 D-link | 2 Dcs-932l, Dcs-932l Firmware | 2015-03-18 | 3.3 LOW | N/A |
| The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value. | |||||
| CVE-2015-2048 | 1 D-link | 2 Dcs-931l, Dcs-931l Firmware | 2015-02-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2015-1028 | 1 D-link | 2 Dsl-2730b, Dsl-2730b Firmware | 2015-01-26 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer). | |||||
| CVE-2014-10028 | 1 D-link | 2 Dap-1360, Dap-1360 Firmware | 2015-01-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41. | |||||
| CVE-2014-10026 | 1 D-link | 2 Dap-1360, Dap-1360 Firmware | 2015-01-14 | 5.0 MEDIUM | N/A |
| index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin. | |||||