Skip to main content

D-Link

1370 CVEs vendor

Monthly

CVE-2019-8319 HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
7.8%
CVE-2019-8318 HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
6.4%
CVE-2019-8317 HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
6.4%
CVE-2019-8316 HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
6.6%
CVE-2019-8315 HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
6.4%
CVE-2019-8314 HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
6.4%
CVE-2019-8313 HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
6.4%
CVE-2019-8312 HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
7.0%
CVE-2019-7736 CRITICAL POC Act Now

D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 600M Firmware
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-7390 HIGH POC This Week

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.6
EPSS
2.0%
CVE-2019-7389 HIGH POC This Week

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 823G Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
2.7%
CVE-2019-7388 HIGH POC This Week

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 823G Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
2.8%
CVE-2019-7298 HIGH POC THREAT This Week

An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.1
EPSS
10.1%
CVE-2019-7297 CRITICAL POC THREAT Act Now

An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
12.5%
CVE-2018-20445 CRITICAL POC Act Now

D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dcm 604 Firmware Dcm 704 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2018-20389 CRITICAL POC Act Now

D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dcm 604 Firmware Dcm 704 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-18009 CRITICAL Act Now

dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 140L Firmware Dir 640L Firmware
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2018-18008 CRITICAL Act Now

spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dsl 2770L Firmware Dir 140L Firmware Dir 640L Firmware +4
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-18007 CRITICAL Act Now

atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dsl 2770L Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2018-18767 HIGH POC This Week

An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Information Disclosure D-Link Mydlink Baby Camera Monitor Dcs 825L Firmware
NVD
CVSS 3.0
7.0
EPSS
0.6%
CVE-2018-18442 HIGH POC This Week

D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dcs 825L Firmware
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-18441 HIGH POC This Week

D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dcs 936L Firmware Dcs 942L Firmware Dcs 8000Lh Firmware +15
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-20305 CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow D-Link Dir 816 A2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
4.1%
CVE-2018-17777 CRITICAL Act Now

An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dva 5592 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2018-20057 HIGH POC This Week

An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 619l Firmware Dir 605l Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
7.4%
CVE-2018-20056 CRITICAL POC Act Now

An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow D-Link Dir 619l Firmware +1
NVD GitHub
CVSS 3.0
9.8
EPSS
7.0%
CVE-2018-18636 MEDIUM POC This Month

XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dsl 2640T Firmware
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-10824 CRITICAL POC THREAT Act Now

An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Path Traversal Dwr 116 Firmware Dir 140L Firmware Dir 640L Firmware +5
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
12.5%
CVE-2018-10823 HIGH POC THREAT This Week

An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link Command Injection Dwr 116 Firmware Dwr 512 Firmware +2
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
78.2%
CVE-2018-10822 HIGH POC THREAT This Week

Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Path Traversal Dwr 116 Firmware Dir 140L Firmware Dir 640L Firmware +5
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
39.3%
CVE-2018-14081 CRITICAL Act Now

An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure D-Link Dir 809 A1 Firmware Dir 809 A2 Firmware Dir 809 Guestzone Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-14080 HIGH This Week

An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 809 A1 Firmware Dir 809 A2 Firmware Dir 809 Guestzone Firmware
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-17443 MEDIUM POC PATCH This Month

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS D-Link Central Wifimanager
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
5.7%
CVE-2018-17442 HIGH POC PATCH THREAT This Week

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload D-Link PHP Central Wifimanager
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
14.2%
CVE-2018-17441 MEDIUM POC PATCH This Month

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS D-Link Central Wifimanager
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
5.7%
CVE-2018-17440 CRITICAL POC PATCH THREAT Act Now

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload D-Link PHP Central Wifimanager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
36.9%
CVE-2018-17881 CRITICAL POC Act Now

On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 823G Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-17880 HIGH POC This Week

On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 823G Firmware
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-17787 CRITICAL POC Act Now

On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-17786 CRITICAL POC Act Now

On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE D-Link Dir 823G Firmware
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2018-17068 CRITICAL POC Act Now

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 A2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-17067 CRITICAL POC Act Now

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 816 A2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-17066 CRITICAL POC Act Now

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 A2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
7.3%
CVE-2018-17065 CRITICAL POC Act Now

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 816 A2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-17064 CRITICAL POC Act Now

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 A2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
7.4%
CVE-2018-17063 CRITICAL POC Act Now

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 A2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
4.1%
CVE-2018-16605 MEDIUM POC This Month

D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 600M Firmware
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2018-16408 HIGH POC This Week

D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link Command Injection Dir 846 Firmware
NVD GitHub
CVSS 3.0
7.2
EPSS
4.7%
CVE-2018-12710 HIGH POC THREAT This Week

An issue was discovered on D-Link DIR-601 2.02NA devices. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 601 Firmware
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
76.5%
CVE-2018-15839 CRITICAL POC THREAT Act Now

D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 615 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
45.3%
CVE-2018-15875 MEDIUM This Month

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS D-Link Dir 615 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2018-15874 MEDIUM This Month

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS D-Link Dir 615 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2018-12103 MEDIUM This Month

An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 890L Firmware Dir 885L R Firmware Dir 895L R Firmware
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-6213 CRITICAL POC Act Now

In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 620 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-6212 MEDIUM POC This Month

On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 620 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-6211 HIGH POC This Week

On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 620 Firmware
NVD
CVSS 3.0
7.2
EPSS
5.8%
CVE-2018-6210 CRITICAL Act Now

D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 620 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2018-8898 CRITICAL POC THREAT Act Now

A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dsl 3782 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
13.3%
CVE-2018-10968 CRITICAL Act Now

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 550A Firmware Dir 604M Firmware
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-10967 HIGH This Week

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE D-Link Command Injection Dir 550A Firmware Dir 604M Firmware
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-11013 CRITICAL POC Act Now

Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow D-Link Dir 816 A2 Firmware
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2018-10996 CRITICAL POC Act Now

The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow D-Link Dir 629 B Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
5.4%
CVE-2018-10957 HIGH POC This Week

CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dir 868l Firmware
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-10750 HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link Dsl 3782 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-10749 HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link Dsl 3782 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-10748 HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link Dsl 3782 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-10747 HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link Dsl 3782 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-10746 HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link Dsl 3782 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-10641 HIGH POC This Week

D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 601 Firmware
NVD GitHub
CVSS 3.0
8.1
EPSS
1.8%
CVE-2018-10713 HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link Dsl 3782 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-10431 HIGH POC This Week

D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link Command Injection Dir 615 Firmware
NVD GitHub
CVSS 3.0
7.2
EPSS
2.7%
CVE-2018-10110 MEDIUM POC This Month

D-Link DIR-615 T1 devices allow XSS via the Add User feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 615 T1 Firmware
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
3.5%
CVE-2018-10108 MEDIUM POC This Month

D-Link DIR-815 REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 815 Firmware
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-10107 MEDIUM POC This Month

D-Link DIR-815 REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 815 Firmware
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-10106 CRITICAL POC Act Now

D-Link DIR-815 REV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link PHP Dir 815 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-9284 CRITICAL PATCH Act Now

authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow D-Link Singapore Starhub Firmware
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2018-8941 HIGH POC This Week

Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link Dsl 3782 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
6.9%
CVE-2018-5708 HIGH POC This Week

An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 601 Firmware
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
6.3%
CVE-2018-9032 CRITICAL POC THREAT Act Now

An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP Dir 850L Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
28.8%
CVE-2018-6530 CRITICAL POC KEV THREAT Act Now

OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 860L Firmware Dir 865L Firmware Dir 868l Firmware +1
NVD GitHub
CVSS 3.1
9.8
EPSS
96.7%
CVE-2018-6529 MEDIUM POC This Month

XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 860L Firmware Dir 865L Firmware +1
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2018-6528 MEDIUM POC This Month

XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 860L Firmware Dir 865L Firmware +1
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2018-6527 MEDIUM POC This Month

XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 860L Firmware Dir 865L Firmware +1
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2018-7698 HIGH This Week

An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure D-Link Mydlink
NVD
CVSS 3.0
8.1
EPSS
1.1%
CVE-2018-6936 MEDIUM POC This Month

Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 600M C1 Firmware
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
2.2%
CVE-2018-5371 HIGH POC THREAT This Week

diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dsl 2540U Firmware Dsl 2640U Firmware
NVD
CVSS 3.0
8.8
EPSS
42.0%
CVE-2017-3193 HIGH PATCH This Week

Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link Stack Overflow Dir 850L Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2017-3192 CRITICAL Act Now

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Authentication Bypass D-Link Dir 130 Firmware Dir 330 Firmware
NVD
CVSS 3.0
9.8
EPSS
27.7%
CVE-2017-3191 CRITICAL Emergency

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.8% and no vendor patch available.

Authentication Bypass D-Link Dir 130 Firmware Dir 330 Firmware
NVD
CVSS 3.0
9.8
EPSS
33.8%
CVE-2017-17065 HIGH This Week

An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service D-Link Dir 605L Model B Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
EPSS 8% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection +1
NVD GitHub
EPSS 6% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection +1
NVD GitHub
EPSS 6% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection +1
NVD GitHub
EPSS 7% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection +1
NVD GitHub
EPSS 6% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection +1
NVD GitHub
EPSS 6% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection +1
NVD GitHub
EPSS 6% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection +1
NVD GitHub
EPSS 7% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 600M Firmware
NVD
EPSS 2% CVSS 8.6
HIGH POC This Week

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 823G Firmware
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 823G Firmware
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 823G Firmware
NVD GitHub
EPSS 10% CVSS 8.1
HIGH POC THREAT This Week

An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
EPSS 12% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dcm 604 Firmware +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dcm 604 Firmware +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 140L Firmware +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dsl 2770L Firmware +6
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dsl 2770L Firmware
NVD
EPSS 1% CVSS 7.0
HIGH POC This Week

An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Information Disclosure D-Link Mydlink Baby Camera Monitor +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dcs 825L Firmware
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dcs 936L Firmware +17
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow +2
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dva 5592 Firmware
NVD
EPSS 7% CVSS 8.8
HIGH POC This Week

An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 619l Firmware +1
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow +3
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dsl 2640T Firmware
NVD
EPSS 12% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Path Traversal Dwr 116 Firmware +7
NVD Exploit-DB
EPSS 78% CVSS 8.8
HIGH POC THREAT This Week

An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link Command Injection +4
NVD Exploit-DB
EPSS 39% CVSS 7.5
HIGH POC THREAT This Week

Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Path Traversal Dwr 116 Firmware +7
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure D-Link Dir 809 A1 Firmware +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 809 A1 Firmware +2
NVD
EPSS 6% CVSS 6.1
MEDIUM POC PATCH This Month

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS D-Link Central Wifimanager
NVD Exploit-DB
EPSS 14% CVSS 8.8
HIGH POC PATCH THREAT This Week

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload D-Link PHP +1
NVD Exploit-DB
EPSS 6% CVSS 6.1
MEDIUM POC PATCH This Month

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS D-Link Central Wifimanager
NVD Exploit-DB
EPSS 37% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload D-Link PHP +1
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 823G Firmware
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 823G Firmware
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE D-Link +1
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 A2 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link +1
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 A2 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link +1
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 A2 Firmware
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 A2 Firmware
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 600M Firmware
NVD
EPSS 5% CVSS 7.2
HIGH POC This Week

D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link Command Injection +1
NVD GitHub
EPSS 77% CVSS 8.0
HIGH POC THREAT This Week

An issue was discovered on D-Link DIR-601 2.02NA devices. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 601 Firmware
NVD Exploit-DB
EPSS 45% CVSS 9.8
CRITICAL POC THREAT Act Now

D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 615 Firmware
NVD Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS D-Link Dir 615 Firmware
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS D-Link Dir 615 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 890L Firmware +2
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 620 Firmware
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 620 Firmware
NVD
EPSS 6% CVSS 7.2
HIGH POC This Week

On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 620 Firmware
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 620 Firmware
NVD
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Act Now

A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dsl 3782 Firmware
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL Act Now

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 550A Firmware +1
NVD
EPSS 4% CVSS 8.8
HIGH This Week

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE D-Link Command Injection +2
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow +2
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dir 868l Firmware
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link +1
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link +1
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link +1
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link +1
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link +1
NVD GitHub
EPSS 2% CVSS 8.1
HIGH POC This Week

D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 601 Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link +1
NVD GitHub
EPSS 3% CVSS 7.2
HIGH POC This Week

D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link Command Injection +1
NVD GitHub
EPSS 4% CVSS 4.8
MEDIUM POC This Month

D-Link DIR-615 T1 devices allow XSS via the Add User feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 615 T1 Firmware
NVD Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

D-Link DIR-815 REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

D-Link DIR-815 REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-815 REV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link PHP +1
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow D-Link +1
NVD
EPSS 7% CVSS 8.8
HIGH POC This Week

Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link +1
NVD GitHub
EPSS 6% CVSS 8.0
HIGH POC This Week

An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 601 Firmware
NVD Exploit-DB
EPSS 29% CVSS 9.8
CRITICAL POC THREAT Act Now

An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP +1
NVD Exploit-DB
EPSS 97% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 860L Firmware +3
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP +3
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP +3
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP +3
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure D-Link Mydlink
NVD
EPSS 2% CVSS 5.4
MEDIUM POC This Month

Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 600M C1 Firmware
NVD Exploit-DB
EPSS 42% CVSS 8.8
HIGH POC THREAT This Week

diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dsl 2540U Firmware +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link Stack Overflow +1
NVD
EPSS 28% CVSS 9.8
CRITICAL Act Now

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Authentication Bypass D-Link Dir 130 Firmware +1
NVD
EPSS 34% CVSS 9.8
CRITICAL Emergency

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.8% and no vendor patch available.

Authentication Bypass D-Link Dir 130 Firmware +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service D-Link Dir 605L Model B Firmware
NVD
Prev Page 14 of 16 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy