Filtered by vendor Dlink
Subscribe
Total
1539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7406 | 1 Dlink | 1 Dir-615 | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic. | |||||
| CVE-2017-14425 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions. | |||||
| CVE-2017-14415 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php. | |||||
| CVE-2014-7860 | 2 D-link, Dlink | 4 Dns-320l Firmware, Dns-327l Firmware, Dns-320l and 1 more | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token. | |||||
| CVE-2014-7858 | 2 D-link, Dlink | 2 Dnr-326 Firmware, Dnr-326 | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. | |||||
| CVE-2017-7398 | 2 D-link, Dlink | 2 Dir-615 Firmware, Dir-615 | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password. | |||||
| CVE-2016-10125 | 1 Dlink | 13 Dgs-1100-05, Dgs-1100-05pd, Dgs-1100-08 and 10 more | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. | |||||
| CVE-2017-14418 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
| The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services. | |||||
| CVE-2017-7404 | 1 Dlink | 1 Dir-615 | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload Firmware to victim's Router. This causes the router to reboot/crash resulting in Denial of Service. An attacker may succeed in uploading malicious Firmware. | |||||
| CVE-2016-10178 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command. | |||||
| CVE-2016-10182 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters. | |||||
| CVE-2017-9542 | 2 D-link, Dlink | 2 Dir-615 Firmware, Dir-615 | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device. | |||||
| CVE-2017-14422 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | |||||
| CVE-2017-14423 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests. | |||||
| CVE-2017-14419 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established. | |||||
| CVE-2017-14414 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. | |||||
| CVE-2016-10181 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests. | |||||
| CVE-2017-7851 | 2 D-link, Dlink | 2 Dcs-936l, Dcs-936l | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header. | |||||
| CVE-2015-7246 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. | |||||
| CVE-2017-14424 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions. | |||||