Skip to main content

Dir 865L Firmware

12 CVEs product

Monthly

CVE-2020-25786 MEDIUM POC This Month

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 803 Firmware Dir 816L Firmware +4
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-13787 HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-13786 HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dir 865L Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-13785 HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-13784 HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-13783 HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-13782 HIGH POC THREAT This Week

D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dir 865L Firmware
NVD
CVSS 3.1
8.8
EPSS
27.1%
CVE-2019-17621 CRITICAL POC KEV PATCH THREAT Act Now

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

D-Link Command Injection Dir 859 Firmware Dir 822 Firmware Dir 823 Firmware +11
NVD
CVSS 3.1
9.8
EPSS
89.6%
CVE-2018-6530 CRITICAL POC KEV THREAT Act Now

OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 860L Firmware Dir 865L Firmware Dir 868l Firmware +1
NVD GitHub
CVSS 3.1
9.8
EPSS
96.7%
CVE-2018-6529 MEDIUM POC This Month

XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 860L Firmware Dir 865L Firmware +1
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2018-6528 MEDIUM POC This Month

XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 860L Firmware Dir 865L Firmware +1
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2018-6527 MEDIUM POC This Month

XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 860L Firmware Dir 865L Firmware +1
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP +6
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dir 865L Firmware
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
EPSS 27% CVSS 8.8
HIGH POC THREAT This Week

D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dir 865L Firmware
NVD
EPSS 90% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

D-Link Command Injection Dir 859 Firmware +13
NVD
EPSS 97% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 860L Firmware +3
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP +3
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP +3
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP +3
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy