Skip to main content

D-Link

1370 CVEs vendor

Monthly

CVE-2021-33266 CRITICAL POC THREAT Act Now

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 809 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
16.9%
CVE-2021-33265 CRITICAL POC THREAT Act Now

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 809 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.7%
CVE-2021-42784 CRITICAL PATCH Act Now

OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

D-Link Command Injection Dwr 932C E1 Firmware
NVD
CVSS 3.1
9.8
EPSS
7.1%
CVE-2021-42783 CRITICAL PATCH Act Now

Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

D-Link Authentication Bypass Dwr 932C E1 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-25368 CRITICAL POC THREAT Emergency

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.6%.

Command Injection D-Link Dir 823G Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
12.6%
CVE-2020-25366 CRITICAL POC Act Now

An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass D-Link Dir 823G Firmware
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
3.3%
CVE-2020-25367 CRITICAL POC THREAT Emergency

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.6%.

D-Link Command Injection Dir 823G Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
12.6%
CVE-2021-33259 MEDIUM POC This Month

Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 868Lw Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-34863 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link RCE Stack Overflow Dap 2020 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-34862 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link RCE Stack Overflow Dap 2020 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-34861 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link RCE Stack Overflow Dap 2020 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-34860 MEDIUM PATCH This Month

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

D-Link Path Traversal Dap 2020 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-41753 HIGH This Week

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir X1560 Firmware Dir X6060 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-40655 HIGH POC KEV THREAT This Week

An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Authentication Bypass Dir 605l Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
87.0%
CVE-2021-40654 MEDIUM POC This Month

An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Information Disclosure Authentication Bypass Dir 615 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-41504 HIGH This Week

An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Information Disclosure Dcs 932l Firmware Dcs 5000L Firmware
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2021-21913 CRITICAL POC Act Now

An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Authentication Bypass Dir 3040 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-40284 MEDIUM PATCH This Month

D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow D-Link Denial Of Service Dsl 3782 Firmware
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2021-39510 CRITICAL POC Act Now

An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.6%
CVE-2021-39509 CRITICAL POC Act Now

An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.1%
CVE-2021-39615 CRITICAL POC Act Now

D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsr 500N Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-39614 CRITICAL POC Act Now

D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dvx 2000Ms Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-39613 CRITICAL POC Act Now

D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dvg 3104Ms Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-3708 HIGH This Week

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dsl 2750U Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
24.6%
CVE-2021-3707 MEDIUM This Month

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dsl 2750U Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2021-29296 HIGH This Week

Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dir 825 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-29295 HIGH This Week

Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dsp W215 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-29294 HIGH This Week

Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dsl 2740R Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-28840 HIGH POC This Week

Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dap 2310 Firmware Dap 2330 Firmware +7
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-28839 HIGH POC This Week

Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dap 2310 Firmware Dap 2330 Firmware +7
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-28838 HIGH POC This Week

Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dap 2310 Firmware Dap 2330 Firmware +7
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-37388 CRITICAL POC Act Now

A buffer overflow in D-Link DIR-615 C2 3.03WW. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link RCE Dir 615 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-21820 CRITICAL POC Act Now

A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Authentication Bypass Dir 3040 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-21819 HIGH POC This Week

A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 3040 Firmware
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2021-21818 HIGH POC This Week

A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Authentication Bypass Dir 3040 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-21817 HIGH POC This Week

An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 3040 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-21816 MEDIUM POC THREAT This Month

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 3040 Firmware
NVD
CVSS 3.1
4.3
EPSS
36.5%
CVE-2021-34830 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link RCE Stack Overflow Dap 1330 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-34829 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link RCE Dap 1330 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-34828 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link RCE Dap 1330 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-34827 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link RCE Stack Overflow Dap 1330 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-33346 CRITICAL POC Act Now

There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2888A Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-34204 MEDIUM POC This Month

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 2640 Us Firmware
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
1.4%
CVE-2021-34203 HIGH POC This Week

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 2640 Us Firmware
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-34201 HIGH POC This Week

D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 2640 Us Firmware
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.6%
CVE-2021-34202 HIGH POC This Week

There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE D-Link Memory Corruption Dir 2640 Us Firmware
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
4.4%
CVE-2021-27342 MEDIUM POC This Month

An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 842E Firmware
NVD GitHub
CVSS 3.1
5.9
EPSS
4.6%
CVE-2021-27250 MEDIUM PATCH This Month

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

D-Link Information Disclosure Dap 2020 Firmware
NVD
CVSS 3.1
6.5
EPSS
66.0%
CVE-2021-27249 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

D-Link RCE Command Injection Dap 2020 Firmware
NVD
CVSS 3.1
8.8
EPSS
5.1%
CVE-2021-27248 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link RCE Stack Overflow Dap 2020 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-27114 CRITICAL POC THREAT Act Now

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
24.6%
CVE-2021-27113 CRITICAL POC Act Now

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2021-29379 HIGH POC This Week

An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 802 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2021-26709 CRITICAL POC THREAT Act Now

D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dsl 320B D1
NVD
CVSS 3.1
9.8
EPSS
40.1%
CVE-2021-30072 CRITICAL Act Now

An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 878 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-26810 CRITICAL POC Act Now

D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2021-28143 HIGH POC PATCH THREAT This Week

/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available.

D-Link Command Injection Dir 841 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
32.0%
CVE-2021-28144 HIGH POC PATCH This Week

prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

D-Link Command Injection Dir 3060 Firmware
NVD
CVSS 3.1
8.8
EPSS
6.0%
CVE-2021-3182 HIGH This Week

D-Link DCS-5220 devices have a buffer overflow. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow D-Link Memory Corruption Dcs 5220 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2020-24581 HIGH POC THREAT This Week

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl2888A Firmware
NVD
CVSS 3.1
8.0
EPSS
12.6%
CVE-2020-24580 HIGH POC This Week

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl2888A Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-24579 HIGH POC This Week

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl2888A Firmware
NVD
CVSS 3.1
8.8
EPSS
10.0%
CVE-2020-24578 MEDIUM POC This Month

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dsl2888A Firmware
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-25759 HIGH This Week

An issue was discovered on D-Link DSR-250 3.17 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dsr 150 Firmware Dsr 150N Firmware Dsr 250 Firmware +7
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-25758 HIGH This Week

An issue was discovered on D-Link DSR-250 3.17 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection D-Link Dsr 150 Firmware Dsr 150N Firmware Dsr 250 Firmware +7
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-25757 HIGH This Week

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dsr 150 Firmware Dsr 150N Firmware Dsr 250 Firmware +7
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-26567 MEDIUM POC THREAT This Month

An issue was discovered on D-Link DSR-250N before 3.17B devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsr 250N Firmware
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
17.2%
CVE-2020-26582 HIGH POC PATCH This Week

D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection D-Link Dap 1360U Firmware
NVD
CVSS 3.1
8.8
EPSS
4.8%
CVE-2020-25786 MEDIUM POC This Month

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 803 Firmware Dir 816L Firmware +4
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-25079 HIGH POC KEV PATCH THREAT This Week

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection D-Link Dcs 4703E Firmware Dcs 4705E Firmware Dcs 4802E Firmware +6
NVD
CVSS 3.1
8.8
EPSS
52.7%
CVE-2020-25078 HIGH POC KEV PATCH THREAT This Week

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

D-Link Information Disclosure Dcs 4603 Firmware Dcs 4622 Firmware Dcs 4701E Firmware +6
NVD
CVSS 3.1
7.5
EPSS
97.9%
CVE-2020-15633 HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 867 Firmware Dir 878 Firmware Dir 882 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-15632 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

RCE D-Link Dir 842 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-15631 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection D-Link Dap 1860 Firmware
NVD
CVSS 3.1
8.0
EPSS
2.9%
CVE-2020-15896 HIGH PATCH This Week

An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

D-Link Authentication Bypass PHP Dap 1522 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-15895 MEDIUM POC PATCH This Month

An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS D-Link PHP Dir 816L Firmware
NVD
CVSS 3.1
6.1
EPSS
2.8%
CVE-2020-15894 HIGH PATCH This Week

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

D-Link Authentication Bypass PHP Dir 816L Firmware
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-15893 CRITICAL POC PATCH THREAT Act Now

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection D-Link Dir 816L Firmware
NVD
CVSS 3.1
9.8
EPSS
20.9%
CVE-2020-15892 CRITICAL POC PATCH Act Now

An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow D-Link Dap 1520 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-12774 MEDIUM This Month

D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-9377 HIGH POC KEV THREAT This Week

D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link PHP Dir 610 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
21.3%
CVE-2020-9376 HIGH POC THREAT This Week

D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link PHP Dir 610 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
16.6%
CVE-2020-13150 HIGH This Week

D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dsl 2750U Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-13960 HIGH POC This Week

D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dsl 2730U Firmware Dir 600M Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-13787 HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-13786 HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dir 865L Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-13785 HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-13784 HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-13783 HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-13782 HIGH POC THREAT This Week

D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dir 865L Firmware
NVD
CVSS 3.1
8.8
EPSS
27.1%
EPSS 17% CVSS 9.8
CRITICAL POC THREAT Act Now

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption +1
NVD GitHub
EPSS 14% CVSS 9.8
CRITICAL POC THREAT Act Now

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption +1
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

D-Link Command Injection Dwr 932C E1 Firmware
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

D-Link Authentication Bypass Dwr 932C E1 Firmware
NVD
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Emergency

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.6%.

Command Injection D-Link Dir 823G Firmware
NVD GitHub VulDB
EPSS 3% CVSS 9.1
CRITICAL POC Act Now

An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass D-Link +1
NVD GitHub VulDB
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Emergency

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.6%.

D-Link Command Injection Dir 823G Firmware
NVD GitHub VulDB
EPSS 2% CVSS 5.3
MEDIUM POC This Month

Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 868Lw Firmware
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link RCE +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

D-Link Path Traversal Dap 2020 Firmware
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir X1560 Firmware +1
NVD
EPSS 87% CVSS 7.5
HIGH POC KEV THREAT This Week

An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Authentication Bypass +1
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Information Disclosure Dcs 932l Firmware +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Authentication Bypass +1
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow D-Link Denial Of Service +1
NVD
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsr 500N Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dvx 2000Ms Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dvg 3104Ms Firmware
NVD
EPSS 25% CVSS 7.8
HIGH This Week

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dsl 2750U Firmware
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM This Month

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dsl 2750U Firmware
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference D-Link Denial Of Service +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference D-Link Denial Of Service +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference D-Link Denial Of Service +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference D-Link Denial Of Service +9
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference D-Link Denial Of Service +9
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference D-Link Denial Of Service +9
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

A buffer overflow in D-Link DIR-615 C2 3.03WW. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link RCE +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Authentication Bypass +1
NVD
EPSS 3% CVSS 7.2
HIGH POC This Week

A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Authentication Bypass +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 3040 Firmware
NVD
EPSS 36% CVSS 4.3
MEDIUM POC THREAT This Month

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 3040 Firmware
NVD
EPSS 2% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link RCE +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link RCE +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link RCE +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link RCE +2
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2888A Firmware
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM POC This Month

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 2640 Us Firmware
NVD GitHub VulDB
EPSS 2% CVSS 8.1
HIGH POC This Week

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 2640 Us Firmware
NVD GitHub VulDB
EPSS 1% CVSS 7.1
HIGH POC This Week

D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption +1
NVD GitHub VulDB
EPSS 4% CVSS 7.8
HIGH POC This Week

There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE D-Link +2
NVD GitHub VulDB
EPSS 5% CVSS 5.9
MEDIUM POC This Month

An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 842E Firmware
NVD GitHub
EPSS 66% CVSS 6.5
MEDIUM PATCH This Month

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

D-Link Information Disclosure Dap 2020 Firmware
NVD
EPSS 5% CVSS 8.8
HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

D-Link RCE Command Injection +1
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link RCE +2
NVD
EPSS 25% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 802 Firmware
NVD
EPSS 40% CVSS 9.8
CRITICAL POC THREAT Act Now

D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link Memory Corruption +1
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
EPSS 32% CVSS 8.0
HIGH POC PATCH THREAT This Week

/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available.

D-Link Command Injection Dir 841 Firmware
NVD GitHub
EPSS 6% CVSS 8.8
HIGH POC PATCH This Week

prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

D-Link Command Injection Dir 3060 Firmware
NVD
EPSS 1% CVSS 8.0
HIGH This Week

D-Link DCS-5220 devices have a buffer overflow. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow D-Link Memory Corruption +1
NVD
EPSS 13% CVSS 8.0
HIGH POC THREAT This Week

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl2888A Firmware
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl2888A Firmware
NVD
EPSS 10% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl2888A Firmware
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dsl2888A Firmware
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered on D-Link DSR-250 3.17 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dsr 150 Firmware +9
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An issue was discovered on D-Link DSR-250 3.17 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection D-Link Dsr 150 Firmware +9
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dsr 150 Firmware +9
NVD
EPSS 17% CVSS 5.5
MEDIUM POC THREAT This Month

An issue was discovered on D-Link DSR-250N before 3.17B devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsr 250N Firmware
NVD Exploit-DB
EPSS 5% CVSS 8.8
HIGH POC PATCH This Week

D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection D-Link Dap 1360U Firmware
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP +6
NVD GitHub
EPSS 53% CVSS 8.8
HIGH POC KEV PATCH THREAT This Week

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection D-Link Dcs 4703E Firmware +8
NVD
EPSS 98% CVSS 7.5
HIGH POC KEV PATCH THREAT This Week

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

D-Link Information Disclosure Dcs 4603 Firmware +8
NVD
EPSS 3% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 867 Firmware +2
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

RCE D-Link Dir 842 Firmware
NVD
EPSS 3% CVSS 8.0
HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection D-Link +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

D-Link Authentication Bypass PHP +1
NVD
EPSS 3% CVSS 6.1
MEDIUM POC PATCH This Month

An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS D-Link PHP +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

D-Link Authentication Bypass PHP +1
NVD
EPSS 21% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection D-Link Dir 816L Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow D-Link Dap 1520 Firmware
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD
EPSS 21% CVSS 8.8
HIGH POC KEV THREAT This Week

D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link PHP +1
NVD GitHub
EPSS 17% CVSS 7.5
HIGH POC THREAT This Week

D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link PHP +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dsl 2750U Firmware
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dsl 2730U Firmware +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dir 865L Firmware
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
EPSS 27% CVSS 8.8
HIGH POC THREAT This Week

D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dir 865L Firmware
NVD
Prev Page 12 of 16 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy