Filtered by vendor D-link
Subscribe
Search
Total
255 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44928 | 1 D-link | 2 Dvg-g5402sp, Dvg-g5402sp Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. | |||||
| CVE-2022-44929 | 1 D-link | 2 Dvg-g5402sp, Dvg-g5402sp Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. | |||||
| CVE-2021-21816 | 1 D-link | 2 Dir-3040, Dir-3040 Firmware | 2022-07-29 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-29557 | 1 D-link | 6 Dir-825, Dir-825\/a, Dir-825\/ac and 3 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution. | |||||
| CVE-2021-33259 | 1 D-link | 2 Dir-868lw, Dir-868lw Firmware | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history. | |||||
| CVE-2017-7852 | 2 D-link, Dlink | 52 Dcs-2132l, Dcs-2132l Firmware, Dcs-2136l and 49 more | 2021-11-09 | 6.8 MEDIUM | 8.8 HIGH |
| D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1. | |||||
| CVE-2021-34860 | 1 D-link | 2 Dap-2020, Dap-2020 Firmware | 2021-10-27 | 3.3 LOW | 6.5 MEDIUM |
| This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the getpage parameter provided to the webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-12103. | |||||
| CVE-2021-34863 | 1 D-link | 2 Dap-2020, Dap-2020 Firmware | 2021-10-27 | 5.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:page parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13271. | |||||
| CVE-2021-34862 | 1 D-link | 2 Dap-2020, Dap-2020 Firmware | 2021-10-27 | 5.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13270. | |||||
| CVE-2021-34861 | 1 D-link | 2 Dap-2020, Dap-2020 Firmware | 2021-10-27 | 5.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12104. | |||||
| CVE-2021-41503 | 1 D-link | 4 Dcs-5000l, Dcs-5000l Firmware, Dcs-932l and 1 more | 2021-09-30 | 5.2 MEDIUM | 8.0 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-3707 | 1 D-link | 2 Dsl-2750u, Dsl-2750u Firmware | 2021-08-24 | 2.1 LOW | 5.5 MEDIUM |
| D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device. | |||||
| CVE-2021-3708 | 1 D-link | 2 Dcs-2750u, Dcs-2750u Firmware | 2021-08-24 | 7.2 HIGH | 7.8 HIGH |
| D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device. | |||||
| CVE-2020-15894 | 1 D-link | 2 Dir-816l, Dir-816l Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT. | |||||
| CVE-2020-15892 | 1 D-link | 2 Dap-1520, Dap-1520 Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length of 15 characters. The problem is that validation is being done on the client side, hence it can be bypassed. When an attacker manages to intercept the login request (POST based) and tampers with the vulnerable parameter (log_pass), to a larger length, the request will be forwarded to the webserver. This results in a stack-based buffer overflow. A few other POST variables, (transferred as part of the login request) are also vulnerable: html_response_page and log_user. | |||||
| CVE-2020-24580 | 1 D-link | 2 Dsl2888a, Dsl2888a Firmware | 2021-07-21 | 5.4 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Lack of authentication functionality allows an attacker to assign a static IP address that was once used by a valid user. | |||||
| CVE-2020-13135 | 1 D-link | 2 Dsp-w215, Dsp-w215 Firmware | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy. | |||||
| CVE-2019-18666 | 1 D-link | 2 Dap-1360 Revision F, Dap-1360 Revision F Firmware | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization. | |||||
| CVE-2020-24578 | 1 D-link | 2 Dsl2888a, Dsl2888a Firmware | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file). | |||||
| CVE-2020-9544 | 1 D-link | 2 Dsl-2640b, Dsl-2640b Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The administrative interface doesn't perform authentication checks for a firmware-update POST request. Any attacker that can access the administrative interface can install firmware of their choice. | |||||
| CVE-2020-13136 | 1 D-link | 2 Dsp-w215, Dsp-w215 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. | |||||
| CVE-2019-15655 | 1 D-link | 2 Dsl-2875al, Dsl-2875al Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext. | |||||
| CVE-2020-12695 | 18 Asus, Broadcom, Canon and 15 more | 257 Rt-n11, Adsl, Selphy Cp1200 and 254 more | 2021-04-23 | 7.8 HIGH | 7.5 HIGH |
| The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | |||||
| CVE-2021-27250 | 1 D-link | 2 Dap-2020, Dap-2020 Firmware | 2021-04-22 | 3.3 LOW | 6.5 MEDIUM |
| This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856. | |||||
| CVE-2019-17663 | 1 D-link | 2 Dir-866l, Dir-866l Firmware | 2021-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection. | |||||
| CVE-2021-27249 | 1 D-link | 2 Dap-2020, Dap-2020 Firmware | 2021-04-22 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11369. | |||||
| CVE-2021-27248 | 1 D-link | 2 Dap-2020, Dap-2020 Firmware | 2021-04-22 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932. | |||||
| CVE-2021-26709 | 1 D-link | 1 Dsl-320b-d1 | 2021-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2014-8361 | 2 D-link, Realtek | 11 Dir-600l, Dir-600l Firmware, Dir-605l and 8 more | 2021-04-09 | 10.0 HIGH | N/A |
| The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request. | |||||
| CVE-2020-24579 | 1 D-link | 2 Dsl2888a, Dsl2888a Firmware | 2020-12-23 | 5.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. | |||||
| CVE-2020-24581 | 1 D-link | 2 Dsl2888a, Dsl2888a Firmware | 2020-12-23 | 7.7 HIGH | 8.0 HIGH |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute Operating System commands. | |||||
| CVE-2020-26567 | 1 D-link | 2 Dsr-250n, Dsr-250n Firmware | 2020-10-19 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes. | |||||
| CVE-2020-25078 | 1 D-link | 4 Dcs-2530l, Dcs-2530l Firmware, Dcs-2670l and 1 more | 2020-09-11 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure. | |||||
| CVE-2019-6258 | 1 D-link | 2 Dir-822, Dir-822 Firmware | 2020-08-25 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file. | |||||
| CVE-2018-18767 | 1 D-link | 3 Dcs-825l, Dcs-825l Firmware, Mydlink Baby Camera Monitor | 2020-08-24 | 1.9 LOW | 7.0 HIGH |
| An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials. | |||||
| CVE-2018-11013 | 1 D-link | 2 Dir-816 A2, Dir-816 A2 Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header. | |||||
| CVE-2018-20056 | 1 D-link | 4 Dir-605l, Dir-605l Firmware, Dir-619l and 1 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter. | |||||
| CVE-2019-9126 | 1 D-link | 2 Dir-825 Rev.b, Dir-825 Rev.b Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vulnerability via requests for the router_info.xml document. This will reveal the PIN code, MAC address, routing table, firmware version, update time, QOS information, LAN information, and WLAN information of the device. | |||||
| CVE-2018-16408 | 1 D-link | 2 Dir-846, Dir-846 Firmware | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. | |||||
| CVE-2019-9125 | 1 D-link | 2 Dir-878, Dir-878 Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header. | |||||
| CVE-2019-9122 | 1 D-link | 2 Dir-825 Rev.b, Dir-825 Rev.b Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntp_server parameter in an ntp_sync.cgi POST request. | |||||
| CVE-2018-17067 | 1 D-link | 2 Dir-816 A2, Dir-816 A2 Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address. | |||||
| CVE-2019-9123 | 1 D-link | 2 Dir-825 Rev.b, Dir-825 Rev.b Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password. | |||||
| CVE-2019-9124 | 1 D-link | 2 Dir-878, Dir-878 Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in with a blank password. | |||||
| CVE-2019-19225 | 1 D-link | 2 Dsl-2680, Dsl-2680 Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request. | |||||
| CVE-2018-17880 | 1 D-link | 2 Dir-823g, Dir-823g Firmware | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot. | |||||
| CVE-2019-19224 | 1 D-link | 2 Dsl-2680, Dsl-2680 Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface. | |||||
| CVE-2019-19226 | 1 D-link | 2 Dsl-2680, Dsl-2680 Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface. | |||||
| CVE-2019-13264 | 1 D-link | 2 Dir-825\/ac G1, Dir-825\/ac G1 Firmware | 2020-08-24 | 5.8 MEDIUM | 8.8 HIGH |
| D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. | |||||
| CVE-2019-13263 | 1 D-link | 2 Dir-825\/ac G1, Dir-825\/ac G1 Firmware | 2020-08-24 | 5.8 MEDIUM | 8.8 HIGH |
| D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. | |||||