D-Link

Weak default credential generation in the D-Link DWR-X1820 router exposes administrative access to adjacent-network attackers who can derive the device password from its IMEI number. All devices running firmware prior to 1.00B16CP are affected when users have not changed the factory-set password - a common real-world condition for consumer-grade routers. An attacker with knowledge of the IMEI-to-password derivation algorithm and physical or logical access to the IMEI (e.g., from the device label) can authenticate to the router admin interface without prior credentials. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The attack can be initiated remotely. The exploit is now public and may be used.

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the argument ip_address leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

OS command injection in D-Link DNS-320 firmware 2.06B01 allows remote authenticated administrators to execute arbitrary system commands via unsanitized input to multiple CGI functions (cgi_set_host, cgi_set_ntp, cgi_fan_control, cgi_merge_user) in /cgi-bin/system_mgr.cgi. CVSS 5.1 reflects high-privileged access requirement (PR:H) mitigating network-accessible attack vector; however, the ability to inject OS commands via CGI endpoints creates significant risk in multi-user or compromised-admin scenarios. No public exploit code or active exploitation confirmed at time of analysis.

OS command injection in D-Link DNS-320 2.06B01 webfile_mgr.cgi allows remote authenticated attackers with high privileges to execute arbitrary commands through manipulated file operation parameters (delete, rename, copy, move, chmod, chown). Publicly available exploit code exists; CVSS 2.0 reflects high privilege requirement and limited confidentiality/integrity impact on the vulnerable system only.

OS command injection in D-Link DNS-320 firmware 2.06B01 allows remote authenticated attackers with high privileges to execute arbitrary system commands via multiple CGI parameters in /cgi-bin/network_mgr.cgi (cgi_speed, cgi_dhcpd_lease, cgi_ddns, cgi_set_ip, cgi_upnp_del, cgi_dhcpd, cgi_upnp_add, cgi_upnp_edit). Publicly available exploit code exists and the vulnerability has been documented with proof-of-concept on GitHub.

Buffer overflow in D-Link DCS-935L camera firmware versions up to 1.10.01 allows authenticated remote attackers to achieve complete system compromise via crafted AdminPassword parameter to the HNAP service. Public exploit code exists on GitHub (0xcc12138/DCS-935L-HNAP-Service-CVE), demonstrating weaponization of this vulnerability. CVSS 4.0 score of 7.4 with CVSS:4.0/E:P confirms proof-of-concept exploitation. While authentication is required (PR:L), the low attack complexity (AC:L) and network attack vector (AV:N) combined with publicly available exploit code make this a practical remote exploitation risk for devices exposed to untrusted networks or compromised accounts.

Command injection in D-Link DCS-932L v2.18.01 allows remote unauthenticated attackers to execute arbitrary system commands via the LightSensorControl parameter in the /bin/alphapd binary. CVSS 7.3 indicates network-accessible exploitation with low complexity requiring no authentication or user interaction, though EPSS score of 0.15% (35th percentile) suggests low observed exploitation probability. No CISA KEV listing or confirmed active exploitation. Publicly documented vulnerability details exist on GitHub, increasing risk of future exploitation attempts against this end-of-life IoT camera model.

Buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 enables authenticated remote code execution via crafted input to the /user_group.asp CGI handler. Attackers with high-privilege (administrator) credentials can exploit the unsafe sprintf function to achieve arbitrary code execution with complete system compromise. Public exploit code exists on GitHub, significantly lowering the barrier to exploitation despite the high-privilege requirement.

Buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 allows authenticated administrators to execute arbitrary code via crafted 'Name' parameter to /url_member.asp in the web management interface. Public exploit code exists on GitHub, demonstrating active proof-of-concept availability. EPSS data unavailable; CVSS 7.2 reflects high impact but limited by requirement for high-privilege (admin) authentication, reducing real-world urgency for most organizations unless admin credentials are compromised or insider threat exists.

Buffer overflow in D-Link DI-8100 router (firmware 16.07.26A1) allows authenticated remote attackers to execute arbitrary code or crash the device via crafted HTTP requests to the /tggl.asp endpoint. The vulnerability affects the tggl_asp function's Name parameter handling. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation for attackers with valid router credentials.

Remote unauthenticated buffer overflow in D-Link DI-8100 firmware 16.07.26A1 enables attackers to execute arbitrary code, compromise device integrity, and cause denial of service via crafted POST requests to /url_rule.asp. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation. The CVSS 9.8 critical score reflects network-based remote attack requiring no authentication or user interaction, though no active exploitation has been confirmed via CISA KEV at time of analysis.

Buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 allows remote unauthenticated attackers to execute arbitrary code via crafted HTTP requests to /auto_reboot.asp. The vulnerability exploits unsafe sprintf calls handling the 'enable' and 'time' parameters in the auto-reboot feature's HTTP handler. A public proof-of-concept exploit is available on GitHub, significantly lowering the barrier to exploitation. CVSS 8.9 with EPSS and attack complexity both low indicate high real-world risk for internet-facing devices running this firmware version.

Stack-based buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 allows authenticated remote attackers with high privileges to execute arbitrary code via malformed ID parameter to yyxz.asp administrative interface. Public exploit code exists on GitHub, demonstrating reliable exploitation. CVSS 7.3 (High) reflects network attack vector but requires admin-level authentication, limiting real-world exposure to compromised credentials or insider scenarios.

Hardcoded telnet backdoor in D-Link DIR-456U Hardware Revision A1 firmware grants remote unauthenticated attackers root shell access using static credentials ('Alphanetworks' / 'whdrv01_dlob_dir456U'). The telnet daemon launches automatically at boot via /etc/init0.d/S80telnetd.sh and validates credentials through strcmp() comparison against hardcoded values in /etc/config/image_sign. Device is End-of-Life with no patches forthcoming. CVSS 9.8 reflects network-accessible unauthenticated remote code execution, though exploitation requires local network access to telnet service.

Remote root shell access via hardcoded telnet backdoor in D-Link DIR-600L Hardware Revision A1 allows network-adjacent attackers to authenticate with publicly known credentials ('Alphanetworks' / 'wrgn35_dlwbr_dir600l') and obtain full administrative control. The backdoor telnet daemon launches automatically at boot with static credentials stored in /etc/alpha_config/image_sign. The device is End-of-Life with no patches forthcoming, creating permanent exposure for deployed units. EPSS data not available; no CISA KEV listing identified, though the trivial exploitation complexity (CVSS AC:L, PR:N) and public disclosure make exploitation highly likely once details are disseminated.

D-Link DIR-600L Hardware Revision B1 routers expose a hardcoded telnet backdoor granting unauthenticated remote attackers root shell access via static credentials ('Alphanetworks' / 'wrgn61_dlwbr_dir600L'). The vulnerability affects End-of-Life devices that will never receive patches, making permanent network isolation or replacement the only remediation options. With CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and publicly documented credentials, this represents critical risk for any exposed device, though exploitation requires local network access despite the 'Network' attack vector classification.

Hardcoded telnet backdoor in D-Link DIR-605L Hardware Revision B2 firmware enables unauthenticated root access for remote attackers on the local network using static credentials 'Alphanetworks:wrgn76_dlwbr_dir605L'. The telnet daemon starts automatically at boot, validating credentials via strcmp() against hardcoded values in /etc/alpha_config/image_sign, granting complete administrative control to anyone who knows the password. This End-of-Life device will receive no security patches. EPSS data not available; no CISA KEV listing identified at time of analysis, suggesting targeted disclosure rather than widespread exploitation campaigns.

Hardcoded credentials in D-Link DIR-605L Hardware Revision A1 firmware grant root-level telnet access to unauthenticated attackers on adjacent networks. The telnet daemon automatically starts at boot with username 'Alphanetworks' and static password 'wrgn35_dlwbr_dir605l', enabling complete device takeover including network traffic interception, configuration modification, and pivot attacks against internal networks. This End-of-Life product will receive no vendor patch, requiring immediate device replacement. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability, with adjacent network attack vector reducing but not eliminating risk for home and small office deployments.

Weak password recovery in D-Link M60 up to version 1.20B02 allows remote attackers to compromise device authentication through manipulation of the /usr/bin/httpd binary, requiring high attack complexity but with publicly disclosed exploit code available. The vulnerability enables information disclosure and potential unauthorized access to device management functions despite the low CVSS score of 2.9 reflecting limited confidentiality impact.

Remote authenticated attackers can execute arbitrary code on D-Link DIR-825M routers (firmware 1.1.12) by sending specially crafted requests to the /boafrm/formWanConfigSetup endpoint with malicious submit-url parameters, triggering a buffer overflow in function sub_414BA8. Public proof-of-concept exploit code exists on GitHub (Kiciot/cve#3), significantly lowering exploitation barriers. While requiring authentication (PR:L), the network attack vector (AV:N) and low complexity (AC:L) enable remote compromise of affected devices with potential for complete device control (VC:H/VI:H/VA:H). No CISA KEV listing or EPSS data available at time of analysis.

Buffer overflow in D-Link DIR-825M 1.1.12 router allows authenticated remote attackers to achieve high-severity code execution via crafted submit-url parameter in VPN configuration interface. Public exploit code exists (CVSS 4.0 E:P) with technical details disclosed on GitHub, enabling remote compromise of router administrative functions by low-privileged authenticated users. CVSS 7.4 HIGH severity with network attack vector and low complexity indicates significant risk for internet-facing devices with default or weak credentials.

Remote code execution in D-Link DI-8100 router firmware 16.07.26A1 allows unauthenticated attackers to compromise the device via buffer overflow in the CGI endpoint. The vulnerability resides in the tgfile.htm CGI handler where inadequate input validation of the 'fn' parameter enables attackers to overflow a stack or heap buffer. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation against internet-exposed devices. CVSS 8.9 (Critical) with network vector, low complexity, and no privileges required indicates high real-world risk for exposed D-Link DI-8100 routers.

Buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 allows authenticated administrators to execute arbitrary code remotely via crafted file extension names. The vulnerability affects the file_exten.asp File Extension Handler component, with a publicly available exploit (E:P in CVSS vector). While requiring high-privilege access (PR:H), successful exploitation grants complete system control (VC:H/VI:H/VA:H), and the attack complexity is low (AC:L). No CISA KEV listing indicates targeted rather than widespread exploitation despite public POC availability.

Stack-based buffer overflow in D-Link DIR-825 firmware 3.00b32's nmbd NetBIOS service allows adjacent network attackers to achieve complete device compromise without authentication. Public exploit code exists (SSVC: POC confirmed), though EPSS probability remains low (0.03%, 7th percentile) indicating limited observed exploitation attempts. This vulnerability affects end-of-life hardware no longer receiving vendor security updates, creating permanent risk for deployed devices.

Command injection in D-Link DIR-822 A_101 udhcpd DHCP service allows remote unauthenticated attackers to execute arbitrary commands via a malicious Hostname parameter in DHCP requests. The vulnerability affects an end-of-life product with publicly disclosed exploit code available, creating significant risk for organizations unable to migrate away from legacy hardware.

Buffer overflow in D-Link DIR-825 router's miniupnpd service allows authenticated adjacent network attackers to achieve complete device compromise through malicious UPnP SOAP requests. Affects DIR-825 firmware versions up to 3.00b32, which D-Link no longer supports. Public exploit code exists (CVSS:4.0 7.3 High), but EPSS probability remains low at 0.03% (7th percentile), suggesting limited real-world exploitation activity. Remediation options are constrained as the product has reached end-of-life status.

Cross-site scripting (XSS) in D-Link DSL-2740R EU_01.15 allows authenticated remote attackers with high privileges to inject malicious scripts via the Wireless Network Name parameter in the Wireless Setup Section, affecting data integrity when a user views the compromised configuration. The vulnerability requires user interaction and administrative credentials, limiting its real-world exploitation scope despite publicly available exploit code.

Stored or reflected cross-site scripting (XSS) in D-Link DGS-3420 firmware 1.50.018 allows authenticated remote attackers to inject malicious scripts via the System Name parameter on the System Information Settings Page. The vulnerability requires high-level administrative privileges and user interaction (UI:R), limiting exploitation to scenarios where an authenticated admin visits a malicious page or clicks a crafted link. Publicly available exploit code exists; CVSS 4.5 reflects the requirement for admin access and user interaction, though the impact is information disclosure or session hijacking potential through XSS.

Brute-force protection bypass in D-Link DWM-222W USB Wi-Fi Adapter allows remote unauthenticated attackers to perform unlimited authentication attempts against the device's login interface. The vulnerability eliminates rate limiting controls, enabling adversaries to systematically guess credentials until device takeover is achieved. CVSS 8.7 reflects the high integrity impact (VI:H) from potential device compromise, though no public exploit code has been identified and CISA has not flagged active exploitation.

Buffer overflow in D-Link DIR-513 firmware 1.10 formAdvanceSetup function enables authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in POST request handling at /goform/formAdvanceSetup endpoint, where insufficient input validation of the 'webpage' parameter triggers memory corruption. Publicly available exploit code exists. This router model is end-of-life with no vendor support.

Buffer overflow in D-Link DIR-513 1.10 POST request handler allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The formSetRoute function improperly validates the curTime parameter, enabling memory corruption attacks. Publicly available exploit code exists. This vulnerability affects end-of-life hardware no longer supported by D-Link, leaving no vendor remediation pathway.

Buffer overflow in D-Link DIR-513 1.10 formSetPassword function allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. Exploitation occurs through POST request manipulation of the curTime parameter in /goform/formSetPassword endpoint. This end-of-life product receives no vendor support, and publicly available exploit code exists. Attack requires low-privilege authentication (CVSS PR:L) but no user interaction, enabling straightforward remote exploitation once credentials are obtained.

Buffer overflow in D-Link DIR-605L 2.13B01 router allows authenticated remote attackers to achieve code execution via POST request manipulation. The formSetLog function in /goform/formSetLog improperly handles the curTime parameter, enabling memory corruption. Publicly available exploit code exists. This end-of-life product receives no vendor support or security updates.

Buffer overflow in D-Link DIR-605L 2.13B01 router enables remote code execution via POST request manipulation of curTime parameter in formSetDDNS function. Publicly available exploit code exists. Affected device is end-of-life with no vendor support. Authenticated attacker with low-privilege network access can achieve complete system compromise (high confidentiality, integrity, availability impact per CVSS 4.0 scoring).

Buffer overflow in D-Link DIR-605L 2.13B01 wireless router enables remote authenticated attackers to achieve arbitrary code execution via crafted POST requests to /goform/formAdvNetwork endpoint. Exploitation manipulates the curTime parameter in the formAdvNetwork function, triggering memory corruption. This end-of-life device receives no vendor support; publicly available exploit code exists. Affected hardware presents elevated risk in legacy network environments where administrative credentials may be compromised.

Buffer overflow in D-Link DIR-605L 2.13B01 router allows authenticated attackers to achieve remote code execution via crafted curTime parameter in formSetMACFilter POST handler. This end-of-life product receives no vendor support. Publicly available exploit code exists. Attackers with low-privilege network access can compromise device confidentiality and integrity remotely without user interaction.

Buffer overflow in D-Link DIR-605L 2.13B01 wireless router enables remote authenticated attackers to execute arbitrary code via the formAdvFirewall function in POST request handler. Exploitation occurs through manipulation of the curTime parameter in /goform/formAdvFirewall endpoint. Publicly available exploit code exists. This end-of-life product receives no vendor security support, requiring immediate device replacement for affected deployments.

Buffer overflow in D-Link DIR-605L 2.13B01 router allows authenticated remote attackers to achieve code execution through malicious curTime parameter in formVirtualServ function via POST request to /goform/formVirtualServ endpoint. Affects end-of-life product with no vendor support. Publicly available exploit code exists. Attack requires low-privilege authentication but no user interaction, enabling remote compromise of device confidentiality and integrity.

OS command injection in D-Link DIR-882 router (firmware 1.01B02) allows authenticated remote attackers to execute arbitrary system commands via malicious IPAddress parameter to prog.cgi HNAP1 SetNetworkSettings handler. Requires high privileges (PR:H) but achieves full system compromise (CVSS 7.3). Publicly available exploit code exists. Product discontinued; vendor no longer provides security updates.

Stack-based buffer overflow in D-Link DIR-645 router (versions 1.01, 1.02, 1.03) via hedwigcgi_main function in /cgi-bin/hedwig.cgi allows authenticated remote attackers to achieve complete system compromise. Exploitation requires low-privilege credentials but no user interaction. Publicly available exploit code exists. Product is end-of-life with no vendor support, making remediation limited to device replacement or network isolation.

Stack-based buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 allows unauthenticated remote attackers to trigger denial-of-service conditions by sending malformed name parameter values to the /url_member.asp endpoint. The vulnerability enables network-accessible attackers to crash the device without authentication or user interaction, disrupting availability of routing services. No public exploit identified at time of analysis.

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions through malformed wans parameter input to the qos.asp Quality-of-Service configuration endpoint. Exploitation requires no user interaction and achieves complete availability impact against network infrastructure device. Low observed exploitation activity (EPSS 0.02%, 5th percentile); no public exploit identified at time of analysis.

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions via malformed input to the /tggl.asp endpoint. The vulnerability stems from inadequate input validation, allowing network-accessible exploitation without authentication or user interaction. Exploitation results in high-impact availability loss with no confidentiality or integrity compromise. No public exploit identified at time of analysis. EPSS score indicates low observed exploitation activity.

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks through malformed input to the name parameter at /qos_type_asp.asp endpoint. Attackers can trigger service disruption without authentication or user interaction by exploiting insufficient input validation in the QoS management interface. EPSS indicates low observed exploitation activity; no public exploit identified at time of analysis.

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial of service attacks. Attackers can trigger memory corruption by submitting oversized 's' parameter values to the pppoe_list_opt.asp endpoint without authentication, causing device unavailability. CVSS 7.5 severity reflects network-accessible attack vector with low complexity. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions via crafted HTTP GET requests to /xwgl_bwr.asp endpoint. Exploitation occurs through oversized name, qq, or time parameters causing memory corruption. CVSS score 7.5 reflects high availability impact without confidentiality or integrity compromise. No public exploit identified at time of analysis, with low observed exploitation activity (EPSS <1%).

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions via crafted HTTP GET requests to the /url_rule.asp endpoint. Exploitation requires no user interaction and succeeds over network access with low complexity. Eight vulnerable parameters (name, en, ips, u, time, act, rpri, log) accept unbounded input causing stack memory corruption. CVSS 7.5 HIGH severity reflects network-accessible availability impact. No public exploit identified at time of analysis. EPSS 0.01% indicates low observed exploitation activity.

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks through crafted HTTP GET requests to /web_keyword.asp endpoint. Attackers exploit improper input validation in name, en, time, mem_gb2312, and mem_utf8 parameters to trigger memory corruption, causing device unavailability. CVSS 7.5 (High) severity reflects network-accessible attack vector requiring no user interaction or privileges. No public exploit identified at time of analysis; low observed exploitation activity.

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial of service through the /xwgl_ref.asp endpoint. Attackers exploit improper input validation by sending HTTP GET requests with excessively long strings in eight parameters (name, en, user_id, shibie_name, time, act, log, rpri), causing stack buffer overflow and device crash. Low observed exploitation activity (EPSS <1%). No public exploit identified at time of analysis. Affects network-accessible management interface without authentication requirements.

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions through malformed vlan_name parameter submitted to /shut_set.asp endpoint. Improper input validation in VLAN configuration interface permits memory corruption leading to system availability disruption. CVSS 7.5 reflects network-accessible attack requiring no user interaction or credentials. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.02%).

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 qj.asp endpoint enables unauthenticated remote denial-of-service attacks through malformed HTTP requests. Insufficient input validation allows attackers to trigger memory corruption, crashing the device and disrupting network services. Confidentiality and integrity remain intact per CVSS scoring, but availability impact is severe. No public exploit identified at time of analysis. EPSS indicates low observed exploitation activity.

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 allows unauthenticated remote attackers to trigger denial-of-service conditions by sending malformed http_lanport parameter values to the /webgl.asp endpoint. Network-accessible attack requires no user interaction or privileges. Exploitation causes availability impact only with no confidentiality or integrity compromise. Low observed exploitation activity (EPSS <1%). No public exploit identified at time of analysis.

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks through malformed name parameter in /thd_group.asp endpoint. Improper input validation triggers stack-based buffer overflow, causing device crashes or service disruption without requiring user interaction. Attack vector is network-accessible with low complexity. No public exploit identified at time of analysis.

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks via malformed routes_static parameter to /router.asp endpoint. The vulnerability permits network-accessible attackers to crash the device without credentials or user interaction. No public exploit identified at time of analysis. CVSS 7.5 (High) reflects complete availability impact with network attack vector and low complexity.

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions via malformed name and mem parameters submitted to the /time_group.asp endpoint. The vulnerability requires no user interaction and permits network-based exploitation with low attack complexity. No public exploit identified at time of analysis. EPSS score of 0.02% indicates low observed exploitation activity.

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions through malformed id parameter input to /saveparm_usb.asp endpoint. Exploitation requires network access to administrative interface without authentication. CWE-120 classification indicates classic buffer overflow allowing memory corruption. CVSS vector confirms network-exploitable, unauthenticated attack path with high availability impact but no data confidentiality or integrity compromise. No public exploit identified at time of analysis.

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks through malformed id parameter in /thd_member.asp endpoint. Exploiting this CWE-120 flaw requires no authentication (CVSS:PR:N) and permits network-based attackers to crash device availability with low complexity. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%). Affects D-Link network infrastructure devices running vulnerable firmware version.

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 via /yyxz_dlink.asp endpoint enables unauthenticated network-based denial of service attacks. Improper parameter validation allows remote attackers to crash the device or trigger service interruption without authentication, user interaction, or elevated privileges. CVSS 7.5 (High) severity reflects network accessibility and availability impact. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

Buffer overflow in D-Link DI-8003 (16.07.26A1) and DI-8003G (19.12.10A1) routers enables unauthenticated remote denial-of-service through improper handling of the wan_ping parameter at the /wan_ping.asp endpoint. Network-accessible attack requires no user interaction or privileges. CVSS:3.1 score 7.5 (High) reflects availability impact. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial of service via malicious iface parameter to /wan_line_detection.asp endpoint. Attack requires no user interaction and exploits improper input validation in network-accessible web management interface. CVSS 7.5 (High) severity reflects availability impact; no public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions through malformed 's' parameter input to the /web_list_opt.asp endpoint. The vulnerability requires no user interaction and is exploitable over the network with low attack complexity. CVSS 7.5 (High) reflects network-accessible DoS impact. No public exploit identified at time of analysis; low observed exploitation activity (EPSS <1%).

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks via crafted name parameter to /url_group.asp endpoint. Attackers can trigger stack-based buffer overflow remotely over network without user interaction, causing high availability impact through service disruption or device crash. No public exploit identified at time of analysis. CVSS 7.5 severity reflects network-accessible attack vector with low complexity.

Stack-based buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service via malformed HTTP GET request to /user_group.asp endpoint. Attacker sends crafted name, mem, pri, or attr parameters triggering memory corruption and device crash. CVSS 7.5 High severity reflects network-accessible attack requiring no privileges or user interaction. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS <1%).

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions through malformed pid parameter values in the /trace.asp endpoint. The vulnerability requires no user interaction and is exploitable over the network with low attack complexity, affecting network availability for enterprise routing infrastructure. No public exploit identified at time of analysis.

Buffer overflow in D-Link DI-8300 router firmware v16.07.26A1 enables unauthenticated remote attackers to trigger denial of service conditions via malformed input to the fn parameter in tgfile_htm function. Network-accessible attack vector requires no privileges or user interaction. CVSS 7.5 (High) reflects availability impact. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

Buffer overflow in D-Link DI-8300 router firmware v16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions through malformed fx parameter input to the jingx_asp function. Network-accessible exploitation requires no authentication or user interaction (CVSS AV:N/PR:N/UI:N). Impact limited to availability disruption; no data confidentiality or integrity compromise. No public exploit identified at time of analysis. EPSS 0.02% indicates low observed exploitation activity.

Buffer overflow in D-Link enterprise VPN router series (DI-8003, DI-8500, DI-8003G, DI-8200G, DI-8200, DI-8400, DI-8004w, DI-8100, DI-8100G) firmware versions 16.07.26A1 and 17.12.20A1/17.12.21A1 allows unauthenticated remote attackers to trigger denial of service via crafted HTTP requests exploiting rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, and rd_ip parameters in radius_asp function. Attack requires no user interaction or authentication (CVSS:3.1 AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis.

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions via crafted HTTP GET requests to /web_post.asp endpoint. Vulnerable parameters include name, en, user_id, log, and time fields. Attack requires no user interaction and exploits improper input validation in web management interface. CVSS 7.5 (High) severity with network-accessible attack vector. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS <1%).

Buffer overflow in D-Link DI-8300 router firmware v16.07.26A1 ip_position_asp function enables unauthenticated remote attackers to trigger denial of service through crafted input to the ip parameter. Network-accessible vulnerability requires no user interaction. No public exploit identified at time of analysis. CVSS 7.5 (High) reflects unauthenticated network attack vector with complete availability impact.

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks via crafted name parameter to /usb_paswd.asp endpoint. Stack-based buffer overflow (CWE-121) triggers memory corruption leading to service disruption. Affects network-accessible administrative interfaces without authentication barrier (CVSS AV:N/PR:N). No public exploit identified at time of analysis. Low observed exploitation activity (EPSS <1%).

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service via malformed custom_error parameter to /user.asp endpoint. Attackers can crash device remotely without credentials by exploiting stack-based buffer overflow (CWE-121). CVSS 7.5 reflects network-accessible, low-complexity attack requiring no user interaction. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.02%).

Path traversal in PraisonAI's recipe registry publish endpoint allows authenticated users with publish access to write arbitrary files outside the configured registry root. The vulnerability affects the pip package 'praisonai' and stems from trusting attacker-controlled manifest.json name/version fields before validation, enabling directory traversal sequences like '../../' to bypass intended storage boundaries. While the malicious publish request returns HTTP 400, the out-of-bounds file write persists on disk. EPSS exploitation probability is low (0.06%, 18th percentile) with no active exploitation reported. Vendor patch available in version 4.5.113.

Improper access controls in D-Link network-attached storage devices (DNS-120 through DNS-1550-04, firmware versions up to 20260205) allow remote unauthenticated attackers to manipulate disk management functions via the /cgi-bin/dsk_mgr.cgi endpoint, resulting in availability impact. Publicly available exploit code exists and the vulnerability has moderate real-world exploitability (CVSS 5.5, EPSS probability indicated by E:P vector), requiring no authentication or user interaction for remote attack.

Improper access controls in D-Link DNS and DNR series NAS devices allow unauthenticated remote attackers to manipulate the cmd argument in the Webdav_Access_List function via /cgi-bin/file_center.cgi, resulting in information disclosure with CVSS 5.5. Public exploit code is available, placing affected devices at immediate risk of unauthorized data access.

Improper access controls in D-Link DNS and DNR network-attached storage devices allow unauthenticated remote attackers on adjacent networks to access IPv6 configuration functions via the cgi_get_ipv6 function in /cgi-bin/network_mgr.cgi, potentially disclosing sensitive network configuration information. The vulnerability affects multiple D-Link models up to firmware version 20260205, publicly available exploit code exists, and the attack requires only network adjacency with low complexity.

Stack-based buffer overflow in D-Link NAS device management interfaces allows authenticated remote attackers to execute arbitrary code with high impact across 21 product models. The vulnerability resides in the cgi_addgroup_get_group_quota_minsize function within /cgi-bin/account_mgr.cgi, exploitable via malicious Name parameter input. Public exploit code exists on GitHub, significantly lowering the technical barrier for attacks. Authentication is required (PR:L), but once authenticated, attackers achieve full confidentiality, integrity, and availability compromise. EPSS and KEV status not provided, but the combination of public POC, network accessibility (AV:N), low complexity (AC:L), and widespread device deployment represents material risk to organizations using affected D-Link NAS products.

Stack-based buffer overflow in D-Link NAS devices allows authenticated remote attackers to achieve complete system compromise with high-confidence exploitation. Affects 20+ D-Link DNS and DNR series network storage products through firmware versions released until February 5, 2026. Publicly available exploit code exists targeting the account_mgr.cgi component, enabling remote code execution with low attack complexity once authenticated. CVSS 8.8 (High) with confirmed proof-of-concept demonstrates practical exploitability despite requiring low-privilege authentication.

Stack-based buffer overflow in D-Link NAS devices enables authenticated remote attackers to execute arbitrary code with full system privileges. Affecting 20+ end-of-life D-Link DNS and DNR network storage models through firmware version 20260205, the flaw resides in the Webdav_Upload_File function within /cgi-bin/webdav_mgr.cgi. Publicly available exploit code exists, significantly lowering the barrier to exploitation. CVSS 8.8 (High) reflects network-accessible attack requiring only low-privilege authentication with no user interaction. Organizations using these legacy devices face immediate risk of complete confidentiality, integrity, and availability compromise.

Stack-based buffer overflow in D-Link NAS devices enables remote code execution with high integrity impact for authenticated users. The vulnerability resides in the UPnP_AV_Server_Path_Del function within /cgi-bin/app_mgr.cgi, exploitable via manipulation of the f_dir parameter. With CVSS 8.8 (High), low attack complexity (AC:L), network accessibility (AV:N), and publicly available exploit code, this represents an elevated threat to approximately 20 legacy D-Link NAS models through firmware versions up to 20260205. No vendor-released patch identified at time of analysis, and many affected models appear to be end-of-life products.

Stack-based buffer overflow in D-Link DIR-513 1.10 router's email configuration interface allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability affects the formSetEmail function via manipulation of the curTime parameter. Publicly available exploit code exists on GitHub, significantly lowering the exploitation barrier. CRITICAL LIMITATION: This product reached end-of-life and receives no security updates from D-Link, making this a permanent risk for deployed devices. CVSS 8.8 with low attack complexity and CVSS:3.1 Exploit Maturity 'Proof-of-Concept' confirms immediate exploitability.

An OS command injection vulnerability exists in D-Link DIR-825 and DIR-825R routers running firmware versions 1.0.5 and 4.5.1 respectively. The flaw resides in the handler_update_system_time function within the libdeuteron_modules.so library of the NTP Service component, allowing authenticated attackers with high privileges to execute arbitrary operating system commands remotely. These products are end-of-life and no longer supported by D-Link, meaning no patches will be released.

Remote code execution in D-Link DIR-513 1.10 through stack-based buffer overflow in the /goform/formEasySetTimezone endpoint allows authenticated attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. An attacker with valid credentials can exploit this remotely without user interaction to execute arbitrary commands with system privileges.

Stack-based buffer overflow in D-Link DHP-1320 PowerLine AV adapter (firmware 1.00WWB04) allows remote authenticated attackers to execute arbitrary code with full device control via malformed SOAP requests to the redirect_count_down_page function. Publicly available exploit code exists on GitHub (confirmed by VulDB). EPSS score of 0.04% (14th percentile) indicates low observed exploitation in the wild despite POC availability. Product reached end-of-life and receives no security updates from D-Link, making this a permanent risk for deployed devices.

An OS command injection vulnerability exists in the D-Link DIR-820LW router firmware version 2.03, specifically in the ssdpcgi_main function of the SSDP component. The vulnerability allows remote, unauthenticated attackers to execute arbitrary operating system commands via manipulation of the HTTP_ST environment variable. A proof-of-concept exploit has been publicly disclosed on GitHub, making this an immediate concern for organizations using affected devices.

Remote code execution in D-Link DIR-513 1.10 via stack-based buffer overflow in the /goform/formEasySetPassword endpoint allows unauthenticated attackers to achieve full system compromise through a malicious curTime parameter. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. An attacker with network access can execute arbitrary code with high privileges without user interaction.

OS command injection in D-Link DIR-513 1.10 via the /goform/formSysCmd endpoint allows authenticated remote attackers to execute arbitrary commands with network access. The vulnerability stems from insufficient input validation of the sysCmd parameter and has public exploit code available. No patch is available, and affected devices are no longer supported by D-Link.

Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-325 series, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 up to firmware version 20260205) allows authenticated remote attackers to execute arbitrary commands through the /cgi-bin/download_mgr.cgi file's RSS management functions. Public exploit code exists for this vulnerability, and no patch is currently available.

Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-323-327L, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04 through firmware version 20260205) allows authenticated remote attackers to execute arbitrary commands via the /cgi-bin/remote_backup.cgi backup scheduling functions. Public exploit code exists for this vulnerability and no patch is currently available.