Skip to main content

D-Link

1370 CVEs vendor

Monthly

CVE-2017-7851 HIGH POC This Week

D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dcs 936L
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-16765 MEDIUM POC This Month

XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dwr 933 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2016-10699 MEDIUM POC This Month

D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dsl 2740E Firmware
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-15909 CRITICAL Act Now

D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dgs 1500 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2015-1187 CRITICAL POC KEV THREAT Emergency

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

D-Link Authentication Bypass RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
81.2%
Threat
7.4
CVE-2017-14430 HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service D-Link Dir 850L Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2017-14429 CRITICAL POC Act Now

The DHCP client on D-Link DIR-850L REV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP D-Link Command Injection Dir 850L Firmware
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2017-14428 HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 850L Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-14427 HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Privilege Escalation Dir 850L Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-14426 HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 850L Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-14425 HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Privilege Escalation Dir 850L Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-14424 HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Privilege Escalation Dir 850L Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-14423 HIGH POC This Week

htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Information Disclosure Dir 850L Firmware
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2017-14422 HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 850L Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-14421 CRITICAL POC Act Now

D-Link DIR-850L REV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 850L Firmware
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2017-14420 MEDIUM POC This Month

The D-Link NPAPI extension, as used on D-Link DIR-850L REV. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 850L Firmware
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2017-14419 MEDIUM POC This Month

The D-Link NPAPI extension, as used on D-Link DIR-850L REV. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 850L Firmware
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2017-14418 HIGH POC This Week

The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 850L Firmware
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2017-14417 CRITICAL POC Act Now

register_send.php on D-Link DIR-850L REV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass PHP Dir 850L Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2017-14416 MEDIUM POC This Month

D-Link DIR-850L REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 850L Firmware
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-14415 MEDIUM POC This Month

D-Link DIR-850L REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 850L Firmware
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-14414 MEDIUM POC This Month

D-Link DIR-850L REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 850L Firmware
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-14413 MEDIUM POC This Month

D-Link DIR-850L REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 850L Firmware
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2016-10405 CRITICAL Act Now

Session fixation vulnerability in D-Link DIR-600L routers (rev. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation D-Link Information Disclosure Dir 600L Firmware
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2014-7860 MEDIUM This Month

The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link PHP Information Disclosure Dns 327L Firmware Dns 320L Firmware
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2014-7859 CRITICAL Act Now

Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.7% and no vendor patch available.

Buffer Overflow RCE D-Link Dns 322L Firmware Dns 320Lw Firmware +3
NVD
CVSS 3.0
9.8
EPSS
11.7%
CVE-2014-7858 CRITICAL Act Now

The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.0% and no vendor patch available.

D-Link Authentication Bypass Dnr 326 Firmware
NVD
CVSS 3.0
9.8
EPSS
14.0%
CVE-2014-7857 CRITICAL Act Now

D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.0% and no vendor patch available.

D-Link Authentication Bypass Dns 322L Firmware Dns 325 Firmware Dns 345 Firmware +4
NVD
CVSS 3.0
9.8
EPSS
12.0%
CVE-2017-12943 CRITICAL POC THREAT Emergency

D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.8%.

Path Traversal D-Link PHP Dir 600 B1 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
81.8%
Threat
5.9
CVE-2017-10676 MEDIUM POC This Month

On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 600M Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11436 CRITICAL Act Now

D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 615
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2017-7406 CRITICAL PATCH Act Now

The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

D-Link Information Disclosure Dir 615
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2017-7405 CRITICAL PATCH Act Now

On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

D-Link Authentication Bypass Dir 615
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2017-7404 HIGH PATCH This Week

On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Denial Of Service CSRF D-Link Dir 615
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-9675 HIGH POC THREAT Act Now

On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 30.9%.

D-Link Information Disclosure Dir 605l Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
30.9%
CVE-2017-9542 CRITICAL Act Now

D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 615 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2017-9100 HIGH POC This Week

login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 600M Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
5.8%
CVE-2015-7247 CRITICAL POC THREAT Emergency

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 30.9%.

D-Link Information Disclosure Dvg N5402Sp Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
30.9%
Threat
4.4
CVE-2015-7246 CRITICAL POC THREAT Emergency

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 33.1%.

D-Link Authentication Bypass Dvg N5402Sp Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
33.1%
Threat
4.5
CVE-2015-7245 HIGH POC THREAT Act Now

Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.4%.

Path Traversal D-Link Dvg N5402Sp Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
89.4%
Threat
5.7
CVE-2017-7852 HIGH POC This Week

D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dcs 2230L Firmware Dcs 2310L Firmware Dcs 2332L Firmware +23
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2016-1559 HIGH PATCH This Week

D-Link DAP-1353 H/W vers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

D-Link Information Disclosure Dap 1353 H W B1 Firmware Dap 2553 H W A1 Firmware Dap 3520 H W A1 Firmware
NVD
CVSS 3.0
8.1
EPSS
1.1%
CVE-2016-1558 CRITICAL PATCH Act Now

Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.9%.

Buffer Overflow D-Link Dap 3662 Firmware Dap 2310 Firmware Dap 2330 Firmware +7
NVD
CVSS 3.0
9.8
EPSS
14.9%
CVE-2017-6190 HIGH POC THREAT Act Now

Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.4%.

Path Traversal D-Link Dwr 116 Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
62.4%
Threat
4.9
CVE-2017-7398 HIGH POC This Week

D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dir 615 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-5874 HIGH This Week

CSRF exists on D-Link DIR-600M Rev. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF D-Link Dir 600M Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-6411 HIGH POC This Week

Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dsl 2730U Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.4%
CVE-2017-5633 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Di 524 Firmware
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
1.4%
CVE-2017-6206 HIGH POC PATCH THREAT Act Now

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 46.4%.

D-Link Information Disclosure Websmart Dgs 1510 Series Firmware
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
46.4%
Threat
4.4
CVE-2017-6205 CRITICAL PATCH Act Now

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass D-Link Websmart Dgs 1510 Series Firmware
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2016-10186 HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
3.0%
CVE-2016-10185 HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
3.0%
CVE-2016-10184 HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D-Link Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
5.5%
CVE-2016-10183 HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D-Link Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
5.5%
CVE-2016-10182 CRITICAL POC THREAT Emergency

An issue was discovered on the D-Link DWR-932B router. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.3%.

D-Link Command Injection Dwr 932B Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
49.3%
Threat
4.9
CVE-2016-10181 HIGH POC THREAT Act Now

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.1%.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
12.1%
CVE-2016-10180 HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
3.5%
CVE-2016-10179 HIGH POC THREAT Act Now

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.0%.

D-Link Authentication Bypass Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
12.0%
CVE-2016-10178 CRITICAL POC THREAT Emergency

An issue was discovered on the D-Link DWR-932B router. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.2%.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
22.2%
Threat
4.1
CVE-2016-10177 CRITICAL POC THREAT Emergency

An issue was discovered on the D-Link DWR-932B router. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.1%.

D-Link Authentication Bypass Dwr 932B Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
20.1%
Threat
4.1
CVE-2016-10125 HIGH POC This Week

D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dgs 1100 Firmware
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2016-5681 CRITICAL Emergency

Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 35.3% and no vendor patch available.

RCE D-Link Buffer Overflow Dir 868l Firmware Dir 822 Firmware +8
NVD
CVSS 3.1
9.8
EPSS
35.3%
CVE-2015-5999 MEDIUM POC THREAT This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.4%.

CSRF D-Link Dir 816L Firmware
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
14.4%
CVE-2015-2052 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.6%.

RCE D-Link Buffer Overflow Dir 645 Firmware
NVD
CVSS 2.0
10.0
EPSS
11.6%
CVE-2015-2051 HIGH POC KEV THREAT Act Now

The D-Link DIR-645 Wired/Wireless Router Rev. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection D-Link
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
93.0%
Threat
7.5
CVE-2015-2050 CRITICAL Act Now

D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dap 1320 Firmware
NVD
CVSS 2.0
10.0
EPSS
1.2%
CVE-2015-2049 CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.9%.

RCE D-Link File Upload Dcs 931l Firmware
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
82.9%
Threat
5.8
CVE-2015-2048 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF D-Link Dcs 931l Firmware
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-1028 LOW POC THREAT Monitor

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 21.1%.

XSS D-Link Dsl 2730B Firmware
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
21.1%
CVE-2014-10028 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS D-Link Dap 1360 Firmware
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-10027 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF D-Link Dap 1360 Firmware
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-10026 MEDIUM POC This Month

index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dap 1360 Firmware
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-10025 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF D-Link Dap 1360 Firmware
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-100005 HIGH POC KEV PATCH THREAT Act Now

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

PHP D-Link CSRF
NVD VulDB
CVSS 3.1
8.0
EPSS
40.8%
Threat
5.8
CVE-2014-9518 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS D-Link Dir 655 Firmware Dir 655
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9517 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS D-Link Dcs 2103 Firmware
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-9238 MEDIUM POC This Month

D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D-Link Dcs 2103 Hd Cube Network Camera Firmware
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-9234 MEDIUM POC This Month

Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D-Link Dcs 2103 Hd Cube Network Camera Firmware
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-4927 HIGH POC THREAT Act Now

Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.5%.

Denial Of Service Netgear D-Link Buffer Overflow Micro Httpd +4
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
17.5%
CVE-2013-7389 MEDIUM POC PATCH THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 92.2%.

XSS PHP D-Link Dir 645 Firmware Dir 645
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
92.2%
Threat
5.1
CVE-2014-4645 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS D-Link Dsl 2760U E1
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.0%
CVE-2014-3936 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.3%.

RCE D-Link Buffer Overflow Dir505 Shareport Mobile Companion Firmware Dir505 Shareport Mobile Companion +4
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
84.3%
Threat
6.0
CVE-2014-3872 HIGH POC This Week

Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi D-Link Dap 1350 Firmware Dap 1350
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2014-3761 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS D-Link Dap 1150 Firmware Dap 1150
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3760 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that (1) enable. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Google D-Link Dap 1150 Firmware Dap 1150
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-4772 CRITICAL Act Now

D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows remote attackers to bypass authentication via a direct request when an authorized session is active. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

D-Link Authentication Bypass Dir 826L Wireless N600 Cloud Router Firmware Dir 826L Wireless N600 Cloud Router Dir 505L Shareport Mobile Companion Firmware +1
NVD
CVSS 2.0
9.3
EPSS
0.1%
CVE-2013-7321 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access Point (Rev. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

D-Link XSS Dap 2253 Firmware Dap 2253
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-7320 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 Access Point (Rev. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF D-Link Dap 2253 Firmware Dap 2253
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-7308 MEDIUM This Month

The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before. Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service D-Link Des 3810 28 Firmware Des 3810 28
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2013-6786 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

D-Link TP-Link XSS Zyxel Huawei +7
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 0% CVSS 8.8
HIGH POC This Week

D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dcs 936L
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dwr 933 Firmware
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dsl 2740E Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dgs 1500 Firmware
NVD
EPSS 81% 7.4 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

D-Link Authentication Bypass RCE
NVD GitHub Exploit-DB
EPSS 1% CVSS 7.5
HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service D-Link Dir 850L Firmware
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

The DHCP client on D-Link DIR-850L REV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP D-Link +2
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 850L Firmware
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Privilege Escalation Dir 850L Firmware
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 850L Firmware
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Privilege Escalation Dir 850L Firmware
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Privilege Escalation Dir 850L Firmware
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Information Disclosure +1
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 850L Firmware
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-850L REV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 850L Firmware
NVD
EPSS 0% CVSS 5.9
MEDIUM POC This Month

The D-Link NPAPI extension, as used on D-Link DIR-850L REV. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 850L Firmware
NVD
EPSS 0% CVSS 5.9
MEDIUM POC This Month

The D-Link NPAPI extension, as used on D-Link DIR-850L REV. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 850L Firmware
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 850L Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

register_send.php on D-Link DIR-850L REV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass PHP +1
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

D-Link DIR-850L REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP +1
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

D-Link DIR-850L REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP +1
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

D-Link DIR-850L REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP +1
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

D-Link DIR-850L REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Session fixation vulnerability in D-Link DIR-600L routers (rev. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation D-Link Information Disclosure +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link PHP Information Disclosure +2
NVD
EPSS 12% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.7% and no vendor patch available.

Buffer Overflow RCE D-Link +5
NVD
EPSS 14% CVSS 9.8
CRITICAL Act Now

The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.0% and no vendor patch available.

D-Link Authentication Bypass Dnr 326 Firmware
NVD
EPSS 12% CVSS 9.8
CRITICAL Act Now

D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.0% and no vendor patch available.

D-Link Authentication Bypass Dns 322L Firmware +6
NVD
EPSS 82% 5.9 CVSS 9.8
CRITICAL POC THREAT Emergency

D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.8%.

Path Traversal D-Link PHP +1
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 600M Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 615
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

D-Link Information Disclosure Dir 615
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

D-Link Authentication Bypass Dir 615
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Denial Of Service CSRF D-Link +1
NVD
EPSS 31% CVSS 7.5
HIGH POC THREAT Act Now

On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 30.9%.

D-Link Information Disclosure Dir 605l Firmware
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL Act Now

D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 615 Firmware
NVD
EPSS 6% CVSS 8.8
HIGH POC This Week

login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 600M Firmware
NVD Exploit-DB
EPSS 31% 4.4 CVSS 9.8
CRITICAL POC THREAT Emergency

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 30.9%.

D-Link Information Disclosure Dvg N5402Sp Firmware
NVD Exploit-DB
EPSS 33% 4.5 CVSS 9.8
CRITICAL POC THREAT Emergency

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 33.1%.

D-Link Authentication Bypass Dvg N5402Sp Firmware
NVD Exploit-DB
EPSS 89% 5.7 CVSS 7.5
HIGH POC THREAT Act Now

Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.4%.

Path Traversal D-Link Dvg N5402Sp Firmware
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dcs 2230L Firmware +25
NVD Exploit-DB
EPSS 1% CVSS 8.1
HIGH PATCH This Week

D-Link DAP-1353 H/W vers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

D-Link Information Disclosure Dap 1353 H W B1 Firmware +2
NVD
EPSS 15% CVSS 9.8
CRITICAL PATCH Act Now

Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.9%.

Buffer Overflow D-Link Dap 3662 Firmware +9
NVD
EPSS 62% 4.9 CVSS 7.5
HIGH POC THREAT Act Now

Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.4%.

Path Traversal D-Link Dwr 116 Firmware
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dir 615 Firmware
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH This Week

CSRF exists on D-Link DIR-600M Rev. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF D-Link +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dsl 2730U Firmware
NVD Exploit-DB
EPSS 1% CVSS 8.0
HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Di 524 Firmware
NVD Exploit-DB
EPSS 46% 4.4 CVSS 7.5
HIGH POC PATCH THREAT Act Now

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 46.4%.

D-Link Information Disclosure Websmart Dgs 1510 Series Firmware
NVD GitHub Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass D-Link Websmart Dgs 1510 Series Firmware
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
EPSS 3% CVSS 7.5
HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
EPSS 6% CVSS 7.5
HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D-Link Dwr 932B Firmware
NVD VulDB
EPSS 6% CVSS 7.5
HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D-Link Dwr 932B Firmware
NVD VulDB
EPSS 49% 4.9 CVSS 9.8
CRITICAL POC THREAT Emergency

An issue was discovered on the D-Link DWR-932B router. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.3%.

D-Link Command Injection Dwr 932B Firmware
NVD VulDB
EPSS 12% CVSS 7.5
HIGH POC THREAT Act Now

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.1%.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
EPSS 3% CVSS 7.5
HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
EPSS 12% CVSS 7.5
HIGH POC THREAT Act Now

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.0%.

D-Link Authentication Bypass Dwr 932B Firmware
NVD VulDB
EPSS 22% 4.1 CVSS 9.8
CRITICAL POC THREAT Emergency

An issue was discovered on the D-Link DWR-932B router. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.2%.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
EPSS 20% 4.1 CVSS 9.8
CRITICAL POC THREAT Emergency

An issue was discovered on the D-Link DWR-932B router. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.1%.

D-Link Authentication Bypass Dwr 932B Firmware
NVD VulDB
EPSS 1% CVSS 8.1
HIGH POC This Week

D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dgs 1100 Firmware
NVD
EPSS 35% CVSS 9.8
CRITICAL Emergency

Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 35.3% and no vendor patch available.

RCE D-Link Buffer Overflow +10
NVD
EPSS 14% CVSS 6.8
MEDIUM POC THREAT This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.4%.

CSRF D-Link Dir 816L Firmware
NVD Exploit-DB
EPSS 12% CVSS 10.0
CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.6%.

RCE D-Link Buffer Overflow +1
NVD
EPSS 93% 7.5 CVSS 8.8
HIGH POC KEV THREAT Act Now

The D-Link DIR-645 Wired/Wireless Router Rev. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection D-Link
NVD Exploit-DB VulDB
EPSS 1% CVSS 10.0
CRITICAL Act Now

D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dap 1320 Firmware
NVD
EPSS 83% 5.8 CVSS 9.0
CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.9%.

RCE D-Link File Upload +1
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF D-Link Dcs 931l Firmware
NVD
EPSS 21% CVSS 3.5
LOW POC THREAT Monitor

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 21.1%.

XSS D-Link Dsl 2730B Firmware
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS D-Link Dap 1360 Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF D-Link Dap 1360 Firmware
NVD
EPSS 0% CVSS 5.0
MEDIUM POC This Month

index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dap 1360 Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF D-Link Dap 1360 Firmware
NVD
EPSS 41% 5.8 CVSS 8.0
HIGH POC KEV PATCH THREAT Act Now

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

PHP D-Link CSRF
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS D-Link Dir 655 Firmware +1
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS D-Link Dcs 2103 Firmware
NVD
EPSS 0% CVSS 5.0
MEDIUM POC This Month

D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D-Link Dcs 2103 Hd Cube Network Camera Firmware
NVD
EPSS 0% CVSS 5.0
MEDIUM POC This Month

Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D-Link Dcs 2103 Hd Cube Network Camera Firmware
NVD
EPSS 18% CVSS 7.8
HIGH POC THREAT Act Now

Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.5%.

Denial Of Service Netgear D-Link +6
NVD Exploit-DB
EPSS 92% 5.1 CVSS 4.3
MEDIUM POC PATCH THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 92.2%.

XSS PHP D-Link +2
NVD Exploit-DB
EPSS 3% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS D-Link Dsl 2760U E1
NVD Exploit-DB
EPSS 84% 6.0 CVSS 10.0
CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.3%.

RCE D-Link Buffer Overflow +6
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH POC This Week

Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi D-Link Dap 1350 Firmware +1
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS D-Link Dap 1150 Firmware +1
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that (1) enable. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Google D-Link +2
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows remote attackers to bypass authentication via a direct request when an authorized session is active. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

D-Link Authentication Bypass Dir 826L Wireless N600 Cloud Router Firmware +3
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access Point (Rev. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

D-Link XSS Dap 2253 Firmware +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 Access Point (Rev. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF D-Link Dap 2253 Firmware +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before. Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service D-Link Des 3810 28 Firmware +1
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

D-Link TP-Link XSS +9
NVD
Prev Page 15 of 16 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy