Filtered by vendor Dlink
Subscribe
Search
Total
385 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8413 | 1 Dlink | 4 Dcs-1100, Dcs-1100 Firmware, Dcs-1130 and 1 more | 2021-04-23 | 8.3 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile applications and desktop applications to discover D-Link devices on the local network. The binary processes the received UDP packets sent from any device in "main" function. One path in the function traverses towards a block of code that handles commands to be executed on the device. The custom protocol created by D-Link follows the following pattern: Packetlen, Type of packet; M=MAC address of device or broadcast; D=Device Type;C=base64 encoded command string;test=1111. If a packet is received with the packet type being "S" or 0x53 then the string passed in the "C" parameter is base64 decoded and then executed by passing into a System API. We can see at address 0x00009B44 that the string received in packet type subtracts 0x31 or "1" from the packet type and is compared against 0x22 or "double quotes". If that is the case, then the packet is sent towards the block of code that executes a command. Then the value stored in "C" parameter is extracted at address 0x0000A1B0. Finally, the string received is base 64 decoded and passed on to the system API at address 0x0000A2A8 as shown below. The same form of communication can be initiated by any process including an attacker process on the mobile phone or the desktop and this allows a third-party application on the device to execute commands on the device without any authentication by sending just 1 UDP packet with custom base64 encoding. | |||||
| CVE-2018-15875 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2021-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request. | |||||
| CVE-2018-15874 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2021-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. | |||||
| CVE-2018-6210 | 1 Dlink | 2 Dir-620, Dir-620 Firmware | 2021-04-23 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session. | |||||
| CVE-2017-11436 | 1 Dlink | 1 Dir-615 | 2021-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. | |||||
| CVE-2018-20675 | 1 Dlink | 8 Dir-822, Dir-822-us, Dir-822-us Firmware and 5 more | 2021-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. | |||||
| CVE-2019-12786 | 1 Dlink | 2 Dir-818lw, Dir-818lw Firmware | 2021-04-23 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key. | |||||
| CVE-2018-9032 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2021-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php. | |||||
| CVE-2019-7642 | 1 Dlink | 10 Dir-816, Dir-816 Firmware, Dir-816l and 7 more | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). | |||||
| CVE-2021-28143 | 1 Dlink | 2 Dir-841, Dir-841 Firmware | 2021-04-23 | 7.7 HIGH | 8.0 HIGH |
| /jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools). | |||||
| CVE-2019-13482 | 1 Dlink | 2 Dir-818lw, Dir-818lw Firmware | 2021-04-23 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings. | |||||
| CVE-2018-20114 | 1 Dlink | 4 Dir-818lw, Dir-818lw Firmware, Dir-860l and 1 more | 2021-04-23 | 10.0 HIGH | 9.8 CRITICAL |
| On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530. | |||||
| CVE-2018-15839 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2021-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header. | |||||
| CVE-2019-13101 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2021-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. | |||||
| CVE-2018-16605 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2021-04-23 | 3.5 LOW | 5.4 MEDIUM |
| D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page. | |||||
| CVE-2020-13960 | 1 Dlink | 4 Dir-600m, Dir-600m Firmware, Dsl-2730u and 1 more | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name. | |||||
| CVE-2017-7404 | 1 Dlink | 1 Dir-615 | 2021-04-23 | 6.8 MEDIUM | 8.8 HIGH |
| On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload Firmware to victim's Router. This causes the router to reboot/crash resulting in Denial of Service. An attacker may succeed in uploading malicious Firmware. | |||||
| CVE-2017-7405 | 1 Dlink | 1 Dir-615 | 2021-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials. | |||||
| CVE-2017-7406 | 1 Dlink | 1 Dir-615 | 2021-04-23 | 5.0 MEDIUM | 9.8 CRITICAL |
| The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic. | |||||
| CVE-2021-28144 | 1 Dlink | 2 Dir-3060, Dir-3060 Firmware | 2021-04-23 | 9.0 HIGH | 8.8 HIGH |
| prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely. | |||||
| CVE-2016-11021 | 1 Dlink | 2 Dcs-930l, Dcs-930l Firmware | 2021-04-23 | 9.0 HIGH | 7.2 HIGH |
| setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter. | |||||
| CVE-2013-7471 | 1 Dlink | 10 Dir-300, Dir-300 Firmware, Dir-600 and 7 more | 2021-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. | |||||
| CVE-2019-11017 | 1 Dlink | 2 Di-524, Di-524 Firmware | 2021-04-23 | 3.5 LOW | 4.8 MEDIUM |
| On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter. | |||||
| CVE-2018-20445 | 1 Dlink | 4 Dcm-604, Dcm-604 Firmware, Dcm-704 and 1 more | 2021-04-23 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests. | |||||
| CVE-2018-18009 | 1 Dlink | 4 Dir-140l, Dir-140l Firmware, Dir-640l and 1 more | 2021-04-23 | 5.0 MEDIUM | 9.8 CRITICAL |
| dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials. | |||||
| CVE-2017-9100 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2021-04-23 | 8.3 HIGH | 8.8 HIGH |
| login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt. | |||||
| CVE-2021-27113 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2021-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters. | |||||
| CVE-2021-27114 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2021-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the"'s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address. | |||||
| CVE-2021-29379 | 1 Dlink | 2 Dir-802, Dir-802 Firmware | 2021-04-19 | 5.8 MEDIUM | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-27600 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2021-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter. | |||||
| CVE-2020-27864 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2021-03-25 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the Authorization request header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10880. | |||||
| CVE-2020-27865 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2021-03-25 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the device. Was ZDI-CAN-10894. | |||||
| CVE-2021-3182 | 1 Dlink | 2 Dcs-5220, Dcs-5220 Firmware | 2021-01-28 | 7.7 HIGH | 8.0 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2018-20432 | 1 Dlink | 4 Covr-2600r, Covr-2600r Firmware, Covr-3902 and 1 more | 2020-10-29 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration. | |||||
| CVE-2019-10040 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication. | |||||
| CVE-2019-8392 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead. | |||||
| CVE-2019-7736 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. NOTE: this may overlap CVE-2019-13101. | |||||
| CVE-2019-7390 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2020-08-24 | 5.0 MEDIUM | 8.6 HIGH |
| An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API. | |||||
| CVE-2019-7389 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a denial-of-service attack without authentication. | |||||
| CVE-2019-7388 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication. | |||||
| CVE-2019-19597 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2020-08-24 | 8.3 HIGH | 8.8 HIGH |
| D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header. | |||||
| CVE-2019-18852 | 1 Dlink | 14 Dir-600 B1, Dir-600 B1 Firmware, Dir-615 J1 and 11 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00. | |||||
| CVE-2019-17506 | 1 Dlink | 4 Dir-817lw A1, Dir-817lw A1 Firmware, Dir-868l B1 and 1 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely. | |||||
| CVE-2019-17505 | 1 Dlink | 2 Dap-1320 A2, Dap-1320 A2 Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack. | |||||
| CVE-2019-17512 | 1 Dlink | 2 Dir-412, Dir-412 Firmware | 2020-08-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which could be used to erase attack traces. | |||||
| CVE-2019-17511 | 1 Dlink | 2 Dir-412, Dir-412 Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can get the router's log file via log_get.php, which could be used to discover the intranet network structure. | |||||
| CVE-2019-15530 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login. | |||||
| CVE-2019-15529 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login. | |||||
| CVE-2019-15528 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings. | |||||
| CVE-2019-15527 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings. | |||||