Skip to main content

D-Link

1370 CVEs vendor

Monthly

CVE-2020-13136 HIGH This Week

D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dsp W215 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-13135 MEDIUM This Month

D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dsp W215 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-9279 CRITICAL POC Act Now

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2640B Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-9278 CRITICAL POC Act Now

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2640B Firmware
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2020-9277 CRITICAL POC Act Now

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2640B Firmware
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-9276 HIGH POC This Week

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption D-Link Dsl 2640B Firmware
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-9275 CRITICAL POC Act Now

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2640B Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-6765 HIGH PATCH This Week

D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS commands by placing shell metacharacters after a supported CLI command, as demonstrated by ping -c1 127.0.0.1; cat/etc/passwd. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection D-Link Dsl Gs225 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2020-8864 HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE D-Link Dir 878 Firmware Dir 882 Firmware Dir 867 Firmware
NVD
CVSS 3.1
8.8
EPSS
80.2%
CVE-2020-8863 HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 878 Firmware Dir 882 Firmware Dir 867 Firmware
NVD
CVSS 3.1
8.8
EPSS
76.7%
CVE-2020-10216 HIGH POC This Week

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dir 825 Firmware Tew 632Brp Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
5.0%
CVE-2020-10215 HIGH POC This Week

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dir 825 Firmware Tew 632Brp Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
5.3%
CVE-2020-10214 HIGH POC THREAT This Week

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption D-Link Dir 825 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
18.3%
CVE-2020-10213 HIGH POC This Week

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dir 825 Firmware Tew 632Brp Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
5.0%
CVE-2020-9544 HIGH POC This Week

An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2640B Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-9535 HIGH POC This Week

fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup_Wizard webpage parameter when f_radius_ip1 is malformed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption D-Link Dir 615Jx10 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-9534 HIGH POC This Week

fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup webpage parameter when f_radius_ip1 is malformed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption D-Link Dir 615Jx10 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-8862 HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE D-Link Dap 2610 Firmware
NVD
CVSS 3.1
8.8
EPSS
13.3%
CVE-2020-8861 HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE D-Link Dap 1330 Firmware
NVD
CVSS 3.1
8.8
EPSS
6.5%
CVE-2020-6842 HIGH This Week

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection D-Link Dch M225 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
2.3%
CVE-2020-6841 CRITICAL POC Act Now

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link PHP Dch M225 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-8962 CRITICAL POC Act Now

A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption D-Link Dir 842 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-17621 CRITICAL POC KEV PATCH THREAT Act Now

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

D-Link Command Injection Dir 859 Firmware Dir 822 Firmware Dir 823 Firmware +11
NVD
CVSS 3.1
9.8
EPSS
89.6%
CVE-2019-16327 CRITICAL POC Act Now

D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 601 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-16326 HIGH POC This Week

D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link CSRF Dir 601 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-19742 MEDIUM POC THREAT This Month

On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 615 Firmware
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
19.8%
CVE-2019-19743 MEDIUM POC This Month

On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 615 T1 Firmware
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
8.9%
CVE-2019-19598 HIGH POC This Week

D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dap 1860 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2019-19597 HIGH POC THREAT This Week

D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE D-Link Dap 1860 Firmware
NVD
CVSS 3.1
8.8
EPSS
20.8%
CVE-2019-18852 CRITICAL POC Act Now

Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 600 B1 Firmware Dir 615 J1 Firmware Dir 645 A1 Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-17512 CRITICAL POC Act Now

There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP Dir 412 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2019-17663 MEDIUM This Month

D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS D-Link Dir 866L Firmware
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17511 HIGH POC This Week

There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP Dir 412 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-17510 CRITICAL POC Act Now

D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection Dir 846 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-17509 CRITICAL POC Act Now

D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection Dir 846 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2019-17508 CRITICAL POC THREAT Emergency

On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection Dir 859 A3 Firmware Dir 850L A Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
15.8%
CVE-2019-17507 HIGH POC This Week

An issue was discovered on D-Link DIR-816 A1 1.06 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 816 A1 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-17506 CRITICAL POC THREAT Act Now

There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP Dir 868L B1 Firmware Dir 817Lw A1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
57.3%
CVE-2019-17505 HIGH POC This Week

D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dap 1320 A2 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-17353 HIGH This Week

An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 615 Firmware
NVD GitHub
CVSS 3.1
8.2
EPSS
3.0%
CVE-2019-16920 CRITICAL POC KEV THREAT Act Now

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 655 Firmware Dir 866L Firmware +8
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2019-16057 CRITICAL POC KEV THREAT Act Now

The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 320 Firmware
NVD
CVSS 3.1
9.8
EPSS
87.2%
CVE-2019-16190 CRITICAL POC Act Now

SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP Dir 868l Firmware Dir 885L Firmware +1
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-10892 CRITICAL POC Act Now

An issue was discovered in D-Link DIR-806 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 806 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-10891 CRITICAL POC THREAT Act Now

An issue was discovered in D-Link DIR-806 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 806 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
19.4%
CVE-2019-13265 HIGH POC This Week

D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 825 Ac G1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-13264 HIGH POC This Week

D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 825 Ac G1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-13263 HIGH POC This Week

D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 825 Ac G1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-15530 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
4.3%
CVE-2019-15529 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
7.7%
CVE-2019-15528 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
4.1%
CVE-2019-15527 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
4.1%
CVE-2019-15526 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
4.1%
CVE-2019-14335 MEDIUM This Month

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service D-Link 6600 Ap Firmware Dwl 3600Ap Firmware
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-13101 CRITICAL POC THREAT Act Now

An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 600M Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
67.1%
CVE-2019-6969 HIGH POC This Week

The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass XSS D-Link Dva 5592 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-6968 MEDIUM POC This Month

The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dva 5592 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-14338 MEDIUM POC This Month

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link 6600 Ap Firmware Dwl 3600Ap Firmware
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2019-14337 MEDIUM POC This Month

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection 6600 Ap Firmware Dwl 3600Ap Firmware
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-14336 MEDIUM POC This Month

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link 6600 Ap Firmware Dwl 3600Ap Firmware
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2019-14334 MEDIUM POC This Month

An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link 6600 Ap Firmware Dwl 3600Ap Firmware Dwl 8610Ap Firmware
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-14333 MEDIUM POC This Month

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service D-Link 6600 Ap Firmware Dwl 3600Ap Firmware
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-14332 HIGH POC This Week

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link 6600 Ap Firmware Dwl 3600Ap Firmware
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2019-1010155 CRITICAL POC Act Now

D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service D-Link Dsl 2750U Firmware
NVD
CVSS 3.1
9.1
EPSS
8.6%
CVE-2019-13563 HIGH POC This Week

D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link CSRF Dir 655 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-13562 MEDIUM POC This Month

D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 655 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2019-13561 CRITICAL POC Act Now

D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 655 Firmware
NVD
CVSS 3.0
9.8
EPSS
8.4%
CVE-2019-13560 CRITICAL POC Act Now

D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 655 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-13482 HIGH POC This Week

An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 818lw Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
8.1%
CVE-2019-13481 HIGH POC This Week

An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 818lw Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
8.2%
CVE-2019-13375 CRITICAL PATCH Act Now

A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi D-Link PHP Central Wifimanager
NVD GitHub
CVSS 3.0
9.8
EPSS
28.2%
CVE-2019-13374 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS D-Link PHP Central Wifimanager
NVD GitHub
CVSS 3.0
6.1
EPSS
2.4%
CVE-2019-13373 CRITICAL POC PATCH THREAT Act Now

An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi D-Link PHP Central Wifimanager
NVD GitHub
CVSS 3.0
9.8
EPSS
68.0%
CVE-2019-13372 CRITICAL POC THREAT Emergency

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP D-Link RCE Central Wifimanager
NVD GitHub
CVSS 3.1
9.8
EPSS
80.7%
CVE-2019-13128 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
7.7%
CVE-2019-12787 HIGH POC This Week

An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 818lw Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-12786 HIGH POC This Week

An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 818lw Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-10999 HIGH POC This Week

The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link Memory Corruption Dcs 930l Firmware +9
NVD GitHub
CVSS 3.0
8.8
EPSS
3.7%
CVE-2019-11017 MEDIUM POC This Month

On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Di 524 Firmware
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
1.5%
CVE-2019-7642 HIGH POC This Week

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 817Lw Firmware Dir 816L Firmware Dir 816 Firmware +2
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-10042 HIGH POC This Week

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-10041 CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-10040 CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2019-10039 CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-9126 HIGH POC This Week

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 825 Rev B Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-9125 CRITICAL POC Act Now

An issue was discovered on D-Link DIR-878 1.12B01 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Buffer Overflow D-Link Dir 878 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-9124 CRITICAL POC Act Now

An issue was discovered on D-Link DIR-878 1.12B01 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 878 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-9123 CRITICAL POC Act Now

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure D-Link Dir 825 Rev B Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-9122 HIGH POC THREAT This Week

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 825 Rev B Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
23.5%
CVE-2019-8392 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 823G Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
EPSS 1% CVSS 7.5
HIGH This Week

D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dsp W215 Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dsp W215 Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2640B Firmware
NVD
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2640B Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2640B Firmware
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption D-Link +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2640B Firmware
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS commands by placing shell metacharacters after a supported CLI command, as demonstrated by ping -c1 127.0.0.1; cat/etc/passwd. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection D-Link Dsl Gs225 Firmware
NVD
EPSS 80% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE D-Link Dir 878 Firmware +2
NVD
EPSS 77% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 878 Firmware +2
NVD
EPSS 5% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dir 825 Firmware +1
NVD GitHub
EPSS 5% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dir 825 Firmware +1
NVD GitHub
EPSS 18% CVSS 8.8
HIGH POC THREAT This Week

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption +2
NVD GitHub
EPSS 5% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dir 825 Firmware +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2640B Firmware
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup_Wizard webpage parameter when f_radius_ip1 is malformed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption D-Link +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup webpage parameter when f_radius_ip1 is malformed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption D-Link +1
NVD GitHub
EPSS 13% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE D-Link Dap 2610 Firmware
NVD
EPSS 7% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE D-Link Dap 1330 Firmware
NVD
EPSS 2% CVSS 7.2
HIGH This Week

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection D-Link Dch M225 Firmware
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link PHP +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption D-Link +1
NVD
EPSS 90% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

D-Link Command Injection Dir 859 Firmware +13
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 601 Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link CSRF Dir 601 Firmware
NVD
EPSS 20% CVSS 4.8
MEDIUM POC THREAT This Month

On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 615 Firmware
NVD Exploit-DB
EPSS 9% CVSS 6.5
MEDIUM POC This Month

On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 615 T1 Firmware
NVD Exploit-DB
EPSS 4% CVSS 8.8
HIGH POC This Week

D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dap 1860 Firmware
NVD
EPSS 21% CVSS 8.8
HIGH POC THREAT This Week

D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE D-Link +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 600 B1 Firmware +6
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS D-Link Dir 866L Firmware
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection +1
NVD GitHub
EPSS 16% CVSS 9.8
CRITICAL POC THREAT Emergency

On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered on D-Link DIR-816 A1 1.06 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 816 A1 Firmware
NVD GitHub
EPSS 57% CVSS 9.8
CRITICAL POC THREAT Act Now

There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dap 1320 A2 Firmware
NVD GitHub
EPSS 3% CVSS 8.2
HIGH This Week

An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 615 Firmware
NVD GitHub
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection +10
NVD
EPSS 87% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 320 Firmware
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP +3
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in D-Link DIR-806 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption +1
NVD GitHub
EPSS 19% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered in D-Link DIR-806 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 806 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 825 Ac G1 Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 825 Ac G1 Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 825 Ac G1 Firmware
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
EPSS 8% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM This Month

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service D-Link 6600 Ap Firmware +1
NVD
EPSS 67% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 600M Firmware
NVD GitHub Exploit-DB
EPSS 3% CVSS 7.5
HIGH POC This Week

The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass XSS D-Link +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dva 5592 Firmware
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link 6600 Ap Firmware +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection 6600 Ap Firmware +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link 6600 Ap Firmware +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link 6600 Ap Firmware +2
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service D-Link 6600 Ap Firmware +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link 6600 Ap Firmware +1
NVD
EPSS 9% CVSS 9.1
CRITICAL POC Act Now

D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service D-Link +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link CSRF Dir 655 Firmware
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 655 Firmware
NVD
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 655 Firmware
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 655 Firmware
NVD
EPSS 8% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 818lw Firmware
NVD GitHub
EPSS 8% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 818lw Firmware
NVD GitHub
EPSS 28% CVSS 9.8
CRITICAL PATCH Act Now

A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi D-Link PHP +1
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS D-Link PHP +1
NVD GitHub
EPSS 68% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi D-Link PHP +1
NVD GitHub
EPSS 81% CVSS 9.8
CRITICAL POC THREAT Emergency

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP D-Link +2
NVD GitHub
EPSS 8% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 818lw Firmware
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 818lw Firmware
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link +11
NVD GitHub
EPSS 2% CVSS 4.8
MEDIUM POC This Month

On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Di 524 Firmware
NVD Exploit-DB
EPSS 3% CVSS 7.5
HIGH POC This Week

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 817Lw Firmware +4
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 825 Rev B Firmware
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on D-Link DIR-878 1.12B01 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Buffer Overflow D-Link +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on D-Link DIR-878 1.12B01 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 878 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure D-Link +1
NVD GitHub
EPSS 24% CVSS 8.8
HIGH POC THREAT This Week

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 825 Rev B Firmware
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 823G Firmware
NVD GitHub
Prev Page 13 of 16 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy