Skip to main content

D-Link

1370 CVEs vendor

Monthly

CVE-2026-5214 HIGH POC This Week

Stack-based buffer overflow in D-Link NAS device management interfaces allows authenticated remote attackers to execute arbitrary code with high impact across 21 product models. The vulnerability resides in the cgi_addgroup_get_group_quota_minsize function within /cgi-bin/account_mgr.cgi, exploitable via malicious Name parameter input. Public exploit code exists on GitHub, significantly lowering the technical barrier for attacks. Authentication is required (PR:L), but once authenticated, attackers achieve full confidentiality, integrity, and availability compromise. EPSS and KEV status not provided, but the combination of public POC, network accessibility (AV:N), low complexity (AC:L), and widespread device deployment represents material risk to organizations using affected D-Link NAS products.

D-Link Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5213 HIGH POC This Week

Stack-based buffer overflow in D-Link NAS devices allows authenticated remote attackers to achieve complete system compromise with high-confidence exploitation. Affects 20+ D-Link DNS and DNR series network storage products through firmware versions released until February 5, 2026. Publicly available exploit code exists targeting the account_mgr.cgi component, enabling remote code execution with low attack complexity once authenticated. CVSS 8.8 (High) with confirmed proof-of-concept demonstrates practical exploitability despite requiring low-privilege authentication.

D-Link Stack Overflow Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5212 HIGH POC This Week

Stack-based buffer overflow in D-Link NAS devices enables authenticated remote attackers to execute arbitrary code with full system privileges. Affecting 20+ end-of-life D-Link DNS and DNR network storage models through firmware version 20260205, the flaw resides in the Webdav_Upload_File function within /cgi-bin/webdav_mgr.cgi. Publicly available exploit code exists, significantly lowering the barrier to exploitation. CVSS 8.8 (High) reflects network-accessible attack requiring only low-privilege authentication with no user interaction. Organizations using these legacy devices face immediate risk of complete confidentiality, integrity, and availability compromise.

D-Link Stack Overflow Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-5211 HIGH POC This Week

Stack-based buffer overflow in D-Link NAS devices enables remote code execution with high integrity impact for authenticated users. The vulnerability resides in the UPnP_AV_Server_Path_Del function within /cgi-bin/app_mgr.cgi, exploitable via manipulation of the f_dir parameter. With CVSS 8.8 (High), low attack complexity (AC:L), network accessibility (AV:N), and publicly available exploit code, this represents an elevated threat to approximately 20 legacy D-Link NAS models through firmware versions up to 20260205. No vendor-released patch identified at time of analysis, and many affected models appear to be end-of-life products.

D-Link Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5024 HIGH POC Monitor

Stack-based buffer overflow in D-Link DIR-513 1.10 router's email configuration interface allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability affects the formSetEmail function via manipulation of the curTime parameter. Publicly available exploit code exists on GitHub, significantly lowering the exploitation barrier. CRITICAL LIMITATION: This product reached end-of-life and receives no security updates from D-Link, making this a permanent risk for deployed devices. CVSS 8.8 with low attack complexity and CVSS:3.1 Exploit Maturity 'Proof-of-Concept' confirms immediate exploitability.

D-Link Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4627 HIGH This Week

An OS command injection vulnerability exists in D-Link DIR-825 and DIR-825R routers running firmware versions 1.0.5 and 4.5.1 respectively. The flaw resides in the handler_update_system_time function within the libdeuteron_modules.so library of the NTP Service component, allowing authenticated attackers with high privileges to execute arbitrary operating system commands remotely. These products are end-of-life and no longer supported by D-Link, meaning no patches will be released.

D-Link Command Injection
NVD VulDB
CVSS 4.0
8.6
EPSS
0.2%
CVE-2026-4555 HIGH POC This Week

Remote code execution in D-Link DIR-513 1.10 through stack-based buffer overflow in the /goform/formEasySetTimezone endpoint allows authenticated attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. An attacker with valid credentials can exploit this remotely without user interaction to execute arbitrary commands with system privileges.

D-Link Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4529 HIGH POC This Week

Stack-based buffer overflow in D-Link DHP-1320 PowerLine AV adapter (firmware 1.00WWB04) allows remote authenticated attackers to execute arbitrary code with full device control via malformed SOAP requests to the redirect_count_down_page function. Publicly available exploit code exists on GitHub (confirmed by VulDB). EPSS score of 0.04% (14th percentile) indicates low observed exploitation in the wild despite POC availability. Product reached end-of-life and receives no security updates from D-Link, making this a permanent risk for deployed devices.

Stack Overflow D-Link Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4499 MEDIUM POC This Month

An OS command injection vulnerability exists in the D-Link DIR-820LW router firmware version 2.03, specifically in the ssdpcgi_main function of the SSDP component. The vulnerability allows remote, unauthenticated attackers to execute arbitrary operating system commands via manipulation of the HTTP_ST environment variable. A proof-of-concept exploit has been publicly disclosed on GitHub, making this an immediate concern for organizations using affected devices.

Command Injection D-Link
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.7%
CVE-2026-4486 HIGH POC This Week

Remote code execution in D-Link DIR-513 1.10 via stack-based buffer overflow in the /goform/formEasySetPassword endpoint allows unauthenticated attackers to achieve full system compromise through a malicious curTime parameter. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. An attacker with network access can execute arbitrary code with high privileges without user interaction.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-4465 LOW Monitor

OS command injection in D-Link DIR-513 1.10 via the /goform/formSysCmd endpoint allows authenticated remote attackers to execute arbitrary commands with network access. The vulnerability stems from insufficient input validation of the sysCmd parameter and has public exploit code available. No patch is available, and affected devices are no longer supported by D-Link.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.5%
CVE-2026-4197 LOW Monitor

Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-325 series, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 up to firmware version 20260205) allows authenticated remote attackers to execute arbitrary commands through the /cgi-bin/download_mgr.cgi file's RSS management functions. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-4196 LOW Monitor

Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-323-327L, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04 through firmware version 20260205) allows authenticated remote attackers to execute arbitrary commands via the /cgi-bin/remote_backup.cgi backup scheduling functions. Public exploit code exists for this vulnerability and no patch is currently available.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-4195 LOW Monitor

Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-323 through DNS-1550-04 with firmware prior to 20260205) allows authenticated remote attackers to execute arbitrary commands via the /cgi-bin/wizard_mgr.cgi endpoint. Public exploit code is available and no patch is currently available for affected users.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.5%
CVE-2026-4194 MEDIUM This Month

Improper access controls in D-Link NAS devices (DNS-120, DNS-323, DNS-345, DNS-1200-05, and others through firmware version 20260205) allow unauthenticated remote attackers to manipulate the cgi_set_wto function in /cgi-bin/system_mgr.cgi, potentially gaining unauthorized access or modifying system settings. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4193 MEDIUM This Month

Improper access control in D-Link DIR-823G 1.0.2B05's goahead component allows unauthenticated remote attackers to manipulate multiple configuration functions including firewall, network, and security settings. The vulnerability affects a wide range of device management functions and has been publicly disclosed with no patch currently available. Affected organizations should implement network segmentation and access controls to limit exposure to this remotely exploitable flaw.

D-Link Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-4214 HIGH POC This Week

Stack-based buffer overflow in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-326, DNS-1100-4, and others) through the UPnP_AV_Server_Path_Setting function in /cgi-bin/app_mgr.cgi allows authenticated remote attackers to achieve complete system compromise with high integrity, confidentiality, and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available.

Buffer Overflow D-Link Stack Overflow Dns 320lw Dns 323 +18
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4213 HIGH POC This Week

Stack-based buffer overflow in D-Link DNS storage appliances (DNS-120, DNS-340L, DNS-1200-05 and others) through the /cgi-bin/gui_mgr.cgi endpoint allows remote authenticated attackers to achieve code execution. Public exploit code exists for this vulnerability, and no patch is currently available. Affected firmware versions are dated up to February 5, 2026.

Stack Overflow Buffer Overflow D-Link Dns 120 Dns 340l +18
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-4212 HIGH POC This Week

Stack-based buffer overflow in D-Link DNS NAS devices (DNS-120 through DNS-1550-04) allows authenticated attackers to achieve remote code execution via the Downloads_Schedule_Info function in /cgi-bin/download_mgr.cgi. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be executed over the network with high impact on confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow Dns 1550 04 Dns 343 +18
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4211 HIGH POC This Week

Stack-based buffer overflow in D-Link DNS and DNR network storage devices allows authenticated remote attackers to execute arbitrary code by manipulating the f_idx parameter in the local_backup_mgr.cgi endpoint. Public exploit code exists for this vulnerability, which affects multiple device models up to firmware version 20260205 with no patch currently available. An attacker with valid credentials can trigger memory corruption to achieve complete system compromise including code execution, data theft, and service disruption.

D-Link Buffer Overflow Stack Overflow Dns 315l Dns 120 +18
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4210 LOW POC Monitor

Command injection in D-Link NAS devices (DNS-320, DNS-327L, DNS-345 and others) through the time_machine.cgi script allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.5%
CVE-2026-4209 LOW POC Monitor

Command injection in D-Link NAS devices (DNS-120, DNS-325, DNR-322L, DNS-327L and others) allows authenticated remote attackers to execute arbitrary commands through multiple user and group management CGI functions. Public exploit code exists for this vulnerability, and patches are not currently available. An attacker with valid credentials could leverage this to compromise the NAS system and potentially access or manipulate stored data.

D-Link Command Injection
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-4207 LOW POC Monitor

Command injection in D-Link NAS devices (DNS-320, DNS-325, DNS-343, DNR-322L and others) through the /cgi-bin/system_mgr.cgi interface allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-4206 LOW POC Monitor

A security vulnerability in A vulnerability (CVSS 6.3). Risk factors: public PoC available.

D-Link Command Injection
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-4205 LOW POC Monitor

A security vulnerability in A vulnerability (CVSS 6.3). Risk factors: public PoC available.

Command Injection D-Link
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-4204 LOW POC Monitor

A security vulnerability in A flaw (CVSS 6.3). Risk factors: public PoC available.

Command Injection D-Link
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.5%
CVE-2026-4203 LOW POC Monitor

Command injection in D-Link DNS and DNR network attached storage devices allows authenticated remote attackers to execute arbitrary commands through multiple CGI functions in the network management interface. The vulnerability affects numerous models up to firmware version 20260205, and public exploit code is available. An attacker with valid credentials can leverage this to compromise device integrity and potentially access the network.

Command Injection D-Link
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-4188 HIGH POC This Week

Remote code execution in D-Link DIR-619L 2.06B01 results from a stack-based buffer overflow in the formSchedule function when the curTime parameter is manipulated via the /goform/formSchedule endpoint. An authenticated remote attacker can exploit this vulnerability to achieve full system compromise, and public exploit code is currently available. This vulnerability affects only end-of-life devices that no longer receive security updates.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4184 CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (version 1.10CNB05) that allows remote attackers to execute arbitrary code without authentication. A public proof-of-concept exploit is available on GitHub, making this vulnerability actively exploitable. However, D-Link no longer supports this product, meaning no patch will be released.

Buffer Overflow D-Link Stack Overflow Dir 816
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-4183 CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 router firmware version 1.10CNB05, affecting the wireless configuration interface (/goform/form2WlanBasicSetup.cgi). A publicly available proof-of-concept exploit exists, allowing remote attackers without authentication to achieve complete system compromise. The vulnerability affects end-of-life products no longer supported by D-Link, making patches unlikely.

Buffer Overflow D-Link Stack Overflow Dir 816
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-4182 CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (version 1.10CNB05) that allows remote attackers to achieve full system compromise without authentication. A public proof-of-concept exploit is available on GitHub, and the vulnerability affects end-of-life products no longer supported by D-Link, making this a high-risk issue for organizations still using these devices.

Buffer Overflow D-Link Stack Overflow Dir 816
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-4181 HIGH POC This Week

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (firmware version 1.10CNB05) that allows remote attackers to execute arbitrary code without authentication. A public proof-of-concept exploit is available, and the vulnerability affects end-of-life products no longer supported by D-Link, making this a high-risk issue for organizations still using these devices.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.1%
CVE-2026-4180 MEDIUM POC This Month

CVE-2026-4180 is an authentication bypass vulnerability in the D-Link DIR-816 router (version 1.10CNB05) affecting the redirect.asp file in the goahead component, allowing remote attackers to gain unauthorized access without authentication. A public proof-of-concept exploit is available and the affected product is no longer supported by D-Link, making this vulnerability permanently unpatched.

Authentication Bypass D-Link
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-70245 CRITICAL Act Now

D-Link DIR-513 router (v1.10) has a stack buffer overflow in the curTime parameter of formSetWizardSelectMode. This is an end-of-life router with no expected patch, meaning exploitation will remain possible indefinitely.

Buffer Overflow D-Link RCE Dir 513 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-3978 HIGH This Week

Remote code execution in D-Link DIR-513 firmware version 1.10 through a stack-based buffer overflow in the /goform/formEasySetupWizard3 endpoint allows unauthenticated attackers to achieve full system compromise over the network. The vulnerability can be exploited with minimal complexity using publicly available exploit code, and no patch is currently available to remediate the issue.

Buffer Overflow D-Link Dir 513 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-70244 HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanSetup. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70251 HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanGuestSetup. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70249 HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard2. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70247 HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard1. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70246 HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formVirtualServ. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70242 HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formSetWanPPTP. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70227 HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the nextPage parameter to goform/formLanguageChange. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70250 HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70243 HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70238 HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-29165 CRITICAL Act Now

Privilege escalation in D-Link DIR-1253 MESH V1.6.1684 via etc/shadow.sample.

D-Link Privilege Escalation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70233 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70232 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70231 CRITICAL POC Act Now

Path traversal in D-Link DIR-513 verification code processing. PoC available.

D-Link Path Traversal Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70230 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70229 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70222 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70225 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWWConfig. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70221 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-46108 CRITICAL POC Act Now

D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup. [CVSS 9.8 CRITICAL]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70219 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formDeviceReboot. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70226 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70223 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70220 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70218 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvFirewall. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-3485 CRITICAL POC Act Now

Command injection in D-Link DIR-868L via SSDP service. PoC available.

D-Link Command Injection Dir 868l Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-70240 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70239 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70234 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70241 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70237 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70236 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-71057 HIGH This Week

Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user. [CVSS 8.2 HIGH]

D-Link Authentication Bypass
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-2962 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware's scheduled reboot configuration endpoint allows authenticated remote attackers to achieve full system compromise through the submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires valid credentials but has a high attack surface due to network accessibility and the severity of potential impacts including code execution and data exfiltration.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2961 HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware through a stack buffer overflow in the VPN configuration endpoint allows authenticated attackers to execute arbitrary code by manipulating the submit-url parameter. The vulnerability affects firmware version 1.01.07 and public exploit code exists, though no patch is currently available.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2960 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the /boafrm/formDhcpv6s function. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2959 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) allows authenticated attackers to achieve remote code execution via a malicious URL parameter in the /boafrm/formNewSchedule function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction, posing a significant risk to affected devices.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2958 HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware 1.01.07 via stack-based buffer overflow in the /boafrm/formWsc endpoint allows authenticated attackers to achieve full system compromise through manipulation of the save_apply parameter. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2929 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the wireless access control endpoint. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2928 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) WLAN encryption configuration endpoint allows authenticated remote attackers to execute arbitrary code with high integrity and confidentiality impact. The vulnerability exists in the submit-url parameter handling within the /boafrm/formWlEncrypt component and has public exploit code available. No patch is currently available for this vulnerability.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2927 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve code execution by manipulating the submit-url parameter in the Operation Mode Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this flaw to fully compromise affected devices.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2926 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the LTE Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can leverage this flaw to achieve complete system compromise including confidentiality, integrity, and availability breaches.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2925 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve complete system compromise through manipulation of the submit-url parameter in the Bridge VLAN Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2885 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware allows remote authenticated attackers to achieve complete system compromise through crafted input to the IPv6 setup function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2884 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution through a malformed submit-url parameter in the WAN interface configuration handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this to gain complete system compromise.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2883 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows remote attackers with low privileges to achieve complete system compromise through manipulation of the submit-url parameter in the /boafrm/formIpQoS function. Public exploit code exists for this vulnerability and no patch is currently available, creating immediate risk for affected deployments.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2882 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the /boafrm/formDosCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires low complexity with no user interaction, affecting device confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2881 HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware through stack-based buffer overflow in the Advanced Firewall Configuration endpoint allows authenticated attackers to achieve complete system compromise. The vulnerability exists in the /boafrm/formFirewallAdv component where improper input validation on the submit-url parameter enables stack overflow attacks. Public exploit code is available and no patch has been released.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2857 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve complete system compromise through the Port Forwarding Configuration endpoint. The vulnerability exists in the submit-url parameter processing and has public exploit code available. Affected devices are remotely exploitable by authenticated users with no user interaction required.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2856 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware 1.01.07 Filter Configuration endpoint allows authenticated remote attackers to achieve full system compromise through a malicious submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but executes with no user interaction needed.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2855 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware's DDNS settings handler allows authenticated remote attackers to achieve complete system compromise through a malicious submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects firmware version 1.01.07 and can be exploited without user interaction.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2854 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 NTP configuration endpoint allows remote authenticated attackers to achieve complete system compromise through manipulation of the submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw carries a high severity rating with CVSS score of 8.8 due to potential for remote code execution with minimal attack complexity.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2853 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve full system compromise through manipulation of the submit-url parameter in the System Log Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger this flaw to execute arbitrary code with complete control over confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-26960 npm HIGH POC PATCH This Week

Path traversal in node-tar versions 7.5.7 and earlier allows local attackers to read and write arbitrary files outside the extraction directory by crafting malicious tar archives containing hardlinks that bypass extraction path validation. Public exploit code exists for this vulnerability, which affects default extraction configurations in Node.js and related Tar implementations. The vulnerability has been patched in node-tar 7.5.8.

D-Link Node.js Tar Red Hat Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-25310 MEDIUM This Month

D-Link products versions 2.0.0 and earlier are vulnerable to server-side request forgery (SSRF) that allows authenticated attackers to make arbitrary HTTP requests from the affected system. This MEDIUM severity vulnerability requires valid credentials but enables attackers to bypass network controls and potentially access internal resources or services. No patch is currently available.

D-Link SSRF
NVD
CVSS 3.1
4.9
EPSS
0.0%
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in D-Link NAS device management interfaces allows authenticated remote attackers to execute arbitrary code with high impact across 21 product models. The vulnerability resides in the cgi_addgroup_get_group_quota_minsize function within /cgi-bin/account_mgr.cgi, exploitable via malicious Name parameter input. Public exploit code exists on GitHub, significantly lowering the technical barrier for attacks. Authentication is required (PR:L), but once authenticated, attackers achieve full confidentiality, integrity, and availability compromise. EPSS and KEV status not provided, but the combination of public POC, network accessibility (AV:N), low complexity (AC:L), and widespread device deployment represents material risk to organizations using affected D-Link NAS products.

D-Link Buffer Overflow Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in D-Link NAS devices allows authenticated remote attackers to achieve complete system compromise with high-confidence exploitation. Affects 20+ D-Link DNS and DNR series network storage products through firmware versions released until February 5, 2026. Publicly available exploit code exists targeting the account_mgr.cgi component, enabling remote code execution with low attack complexity once authenticated. CVSS 8.8 (High) with confirmed proof-of-concept demonstrates practical exploitability despite requiring low-privilege authentication.

D-Link Stack Overflow Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in D-Link NAS devices enables authenticated remote attackers to execute arbitrary code with full system privileges. Affecting 20+ end-of-life D-Link DNS and DNR network storage models through firmware version 20260205, the flaw resides in the Webdav_Upload_File function within /cgi-bin/webdav_mgr.cgi. Publicly available exploit code exists, significantly lowering the barrier to exploitation. CVSS 8.8 (High) reflects network-accessible attack requiring only low-privilege authentication with no user interaction. Organizations using these legacy devices face immediate risk of complete confidentiality, integrity, and availability compromise.

D-Link Stack Overflow Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in D-Link NAS devices enables remote code execution with high integrity impact for authenticated users. The vulnerability resides in the UPnP_AV_Server_Path_Del function within /cgi-bin/app_mgr.cgi, exploitable via manipulation of the f_dir parameter. With CVSS 8.8 (High), low attack complexity (AC:L), network accessibility (AV:N), and publicly available exploit code, this represents an elevated threat to approximately 20 legacy D-Link NAS models through firmware versions up to 20260205. No vendor-released patch identified at time of analysis, and many affected models appear to be end-of-life products.

D-Link Buffer Overflow Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in D-Link DIR-513 1.10 router's email configuration interface allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability affects the formSetEmail function via manipulation of the curTime parameter. Publicly available exploit code exists on GitHub, significantly lowering the exploitation barrier. CRITICAL LIMITATION: This product reached end-of-life and receives no security updates from D-Link, making this a permanent risk for deployed devices. CVSS 8.8 with low attack complexity and CVSS:3.1 Exploit Maturity 'Proof-of-Concept' confirms immediate exploitability.

D-Link Buffer Overflow Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 8.6
HIGH This Week

An OS command injection vulnerability exists in D-Link DIR-825 and DIR-825R routers running firmware versions 1.0.5 and 4.5.1 respectively. The flaw resides in the handler_update_system_time function within the libdeuteron_modules.so library of the NTP Service component, allowing authenticated attackers with high privileges to execute arbitrary operating system commands remotely. These products are end-of-life and no longer supported by D-Link, meaning no patches will be released.

D-Link Command Injection
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in D-Link DIR-513 1.10 through stack-based buffer overflow in the /goform/formEasySetTimezone endpoint allows authenticated attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. An attacker with valid credentials can exploit this remotely without user interaction to execute arbitrary commands with system privileges.

D-Link Buffer Overflow Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in D-Link DHP-1320 PowerLine AV adapter (firmware 1.00WWB04) allows remote authenticated attackers to execute arbitrary code with full device control via malformed SOAP requests to the redirect_count_down_page function. Publicly available exploit code exists on GitHub (confirmed by VulDB). EPSS score of 0.04% (14th percentile) indicates low observed exploitation in the wild despite POC availability. Product reached end-of-life and receives no security updates from D-Link, making this a permanent risk for deployed devices.

Stack Overflow D-Link Buffer Overflow
NVD VulDB GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An OS command injection vulnerability exists in the D-Link DIR-820LW router firmware version 2.03, specifically in the ssdpcgi_main function of the SSDP component. The vulnerability allows remote, unauthenticated attackers to execute arbitrary operating system commands via manipulation of the HTTP_ST environment variable. A proof-of-concept exploit has been publicly disclosed on GitHub, making this an immediate concern for organizations using affected devices.

Command Injection D-Link
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in D-Link DIR-513 1.10 via stack-based buffer overflow in the /goform/formEasySetPassword endpoint allows unauthenticated attackers to achieve full system compromise through a malicious curTime parameter. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. An attacker with network access can execute arbitrary code with high privileges without user interaction.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW Monitor

OS command injection in D-Link DIR-513 1.10 via the /goform/formSysCmd endpoint allows authenticated remote attackers to execute arbitrary commands with network access. The vulnerability stems from insufficient input validation of the sysCmd parameter and has public exploit code available. No patch is available, and affected devices are no longer supported by D-Link.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-325 series, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 up to firmware version 20260205) allows authenticated remote attackers to execute arbitrary commands through the /cgi-bin/download_mgr.cgi file's RSS management functions. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-323-327L, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04 through firmware version 20260205) allows authenticated remote attackers to execute arbitrary commands via the /cgi-bin/remote_backup.cgi backup scheduling functions. Public exploit code exists for this vulnerability and no patch is currently available.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-323 through DNS-1550-04 with firmware prior to 20260205) allows authenticated remote attackers to execute arbitrary commands via the /cgi-bin/wizard_mgr.cgi endpoint. Public exploit code is available and no patch is currently available for affected users.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access controls in D-Link NAS devices (DNS-120, DNS-323, DNS-345, DNS-1200-05, and others through firmware version 20260205) allow unauthenticated remote attackers to manipulate the cgi_set_wto function in /cgi-bin/system_mgr.cgi, potentially gaining unauthorized access or modifying system settings. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in D-Link DIR-823G 1.0.2B05's goahead component allows unauthenticated remote attackers to manipulate multiple configuration functions including firewall, network, and security settings. The vulnerability affects a wide range of device management functions and has been publicly disclosed with no patch currently available. Affected organizations should implement network segmentation and access controls to limit exposure to this remotely exploitable flaw.

D-Link Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-326, DNS-1100-4, and others) through the UPnP_AV_Server_Path_Setting function in /cgi-bin/app_mgr.cgi allows authenticated remote attackers to achieve complete system compromise with high integrity, confidentiality, and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available.

Buffer Overflow D-Link Stack Overflow +20
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DNS storage appliances (DNS-120, DNS-340L, DNS-1200-05 and others) through the /cgi-bin/gui_mgr.cgi endpoint allows remote authenticated attackers to achieve code execution. Public exploit code exists for this vulnerability, and no patch is currently available. Affected firmware versions are dated up to February 5, 2026.

Stack Overflow Buffer Overflow D-Link +20
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DNS NAS devices (DNS-120 through DNS-1550-04) allows authenticated attackers to achieve remote code execution via the Downloads_Schedule_Info function in /cgi-bin/download_mgr.cgi. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be executed over the network with high impact on confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow +20
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DNS and DNR network storage devices allows authenticated remote attackers to execute arbitrary code by manipulating the f_idx parameter in the local_backup_mgr.cgi endpoint. Public exploit code exists for this vulnerability, which affects multiple device models up to firmware version 20260205 with no patch currently available. An attacker with valid credentials can trigger memory corruption to achieve complete system compromise including code execution, data theft, and service disruption.

D-Link Buffer Overflow Stack Overflow +20
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in D-Link NAS devices (DNS-320, DNS-327L, DNS-345 and others) through the time_machine.cgi script allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in D-Link NAS devices (DNS-120, DNS-325, DNR-322L, DNS-327L and others) allows authenticated remote attackers to execute arbitrary commands through multiple user and group management CGI functions. Public exploit code exists for this vulnerability, and patches are not currently available. An attacker with valid credentials could leverage this to compromise the NAS system and potentially access or manipulate stored data.

D-Link Command Injection
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in D-Link NAS devices (DNS-320, DNS-325, DNS-343, DNR-322L and others) through the /cgi-bin/system_mgr.cgi interface allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A security vulnerability in A vulnerability (CVSS 6.3). Risk factors: public PoC available.

D-Link Command Injection
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A security vulnerability in A vulnerability (CVSS 6.3). Risk factors: public PoC available.

Command Injection D-Link
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A security vulnerability in A flaw (CVSS 6.3). Risk factors: public PoC available.

Command Injection D-Link
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in D-Link DNS and DNR network attached storage devices allows authenticated remote attackers to execute arbitrary commands through multiple CGI functions in the network management interface. The vulnerability affects numerous models up to firmware version 20260205, and public exploit code is available. An attacker with valid credentials can leverage this to compromise device integrity and potentially access the network.

Command Injection D-Link
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in D-Link DIR-619L 2.06B01 results from a stack-based buffer overflow in the formSchedule function when the curTime parameter is manipulated via the /goform/formSchedule endpoint. An authenticated remote attacker can exploit this vulnerability to achieve full system compromise, and public exploit code is currently available. This vulnerability affects only end-of-life devices that no longer receive security updates.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (version 1.10CNB05) that allows remote attackers to execute arbitrary code without authentication. A public proof-of-concept exploit is available on GitHub, making this vulnerability actively exploitable. However, D-Link no longer supports this product, meaning no patch will be released.

Buffer Overflow D-Link Stack Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 router firmware version 1.10CNB05, affecting the wireless configuration interface (/goform/form2WlanBasicSetup.cgi). A publicly available proof-of-concept exploit exists, allowing remote attackers without authentication to achieve complete system compromise. The vulnerability affects end-of-life products no longer supported by D-Link, making patches unlikely.

Buffer Overflow D-Link Stack Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (version 1.10CNB05) that allows remote attackers to achieve full system compromise without authentication. A public proof-of-concept exploit is available on GitHub, and the vulnerability affects end-of-life products no longer supported by D-Link, making this a high-risk issue for organizations still using these devices.

Buffer Overflow D-Link Stack Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 8.9
HIGH POC This Week

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (firmware version 1.10CNB05) that allows remote attackers to execute arbitrary code without authentication. A public proof-of-concept exploit is available, and the vulnerability affects end-of-life products no longer supported by D-Link, making this a high-risk issue for organizations still using these devices.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

CVE-2026-4180 is an authentication bypass vulnerability in the D-Link DIR-816 router (version 1.10CNB05) affecting the redirect.asp file in the goahead component, allowing remote attackers to gain unauthorized access without authentication. A public proof-of-concept exploit is available and the affected product is no longer supported by D-Link, making this vulnerability permanently unpatched.

Authentication Bypass D-Link
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

D-Link DIR-513 router (v1.10) has a stack buffer overflow in the curTime parameter of formSetWizardSelectMode. This is an end-of-life router with no expected patch, meaning exploitation will remain possible indefinitely.

Buffer Overflow D-Link RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in D-Link DIR-513 firmware version 1.10 through a stack-based buffer overflow in the /goform/formEasySetupWizard3 endpoint allows unauthenticated attackers to achieve full system compromise over the network. The vulnerability can be exploited with minimal complexity using publicly available exploit code, and no patch is currently available to remediate the issue.

Buffer Overflow D-Link Dir 513 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanSetup. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanGuestSetup. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard2. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard1. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formVirtualServ. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formSetWanPPTP. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the nextPage parameter to goform/formLanguageChange. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in D-Link DIR-1253 MESH V1.6.1684 via etc/shadow.sample.

D-Link Privilege Escalation
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Path traversal in D-Link DIR-513 verification code processing. PoC available.

D-Link Path Traversal Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWWConfig. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup. [CVSS 9.8 CRITICAL]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formDeviceReboot. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvFirewall. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Command injection in D-Link DIR-868L via SSDP service. PoC available.

D-Link Command Injection Dir 868l Firmware
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user. [CVSS 8.2 HIGH]

D-Link Authentication Bypass
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware's scheduled reboot configuration endpoint allows authenticated remote attackers to achieve full system compromise through the submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires valid credentials but has a high attack surface due to network accessibility and the severity of potential impacts including code execution and data exfiltration.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware through a stack buffer overflow in the VPN configuration endpoint allows authenticated attackers to execute arbitrary code by manipulating the submit-url parameter. The vulnerability affects firmware version 1.01.07 and public exploit code exists, though no patch is currently available.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the /boafrm/formDhcpv6s function. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) allows authenticated attackers to achieve remote code execution via a malicious URL parameter in the /boafrm/formNewSchedule function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction, posing a significant risk to affected devices.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware 1.01.07 via stack-based buffer overflow in the /boafrm/formWsc endpoint allows authenticated attackers to achieve full system compromise through manipulation of the save_apply parameter. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the wireless access control endpoint. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) WLAN encryption configuration endpoint allows authenticated remote attackers to execute arbitrary code with high integrity and confidentiality impact. The vulnerability exists in the submit-url parameter handling within the /boafrm/formWlEncrypt component and has public exploit code available. No patch is currently available for this vulnerability.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve code execution by manipulating the submit-url parameter in the Operation Mode Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this flaw to fully compromise affected devices.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the LTE Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can leverage this flaw to achieve complete system compromise including confidentiality, integrity, and availability breaches.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve complete system compromise through manipulation of the submit-url parameter in the Bridge VLAN Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware allows remote authenticated attackers to achieve complete system compromise through crafted input to the IPv6 setup function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution through a malformed submit-url parameter in the WAN interface configuration handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this to gain complete system compromise.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows remote attackers with low privileges to achieve complete system compromise through manipulation of the submit-url parameter in the /boafrm/formIpQoS function. Public exploit code exists for this vulnerability and no patch is currently available, creating immediate risk for affected deployments.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the /boafrm/formDosCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires low complexity with no user interaction, affecting device confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware through stack-based buffer overflow in the Advanced Firewall Configuration endpoint allows authenticated attackers to achieve complete system compromise. The vulnerability exists in the /boafrm/formFirewallAdv component where improper input validation on the submit-url parameter enables stack overflow attacks. Public exploit code is available and no patch has been released.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve complete system compromise through the Port Forwarding Configuration endpoint. The vulnerability exists in the submit-url parameter processing and has public exploit code available. Affected devices are remotely exploitable by authenticated users with no user interaction required.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware 1.01.07 Filter Configuration endpoint allows authenticated remote attackers to achieve full system compromise through a malicious submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but executes with no user interaction needed.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware's DDNS settings handler allows authenticated remote attackers to achieve complete system compromise through a malicious submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects firmware version 1.01.07 and can be exploited without user interaction.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 NTP configuration endpoint allows remote authenticated attackers to achieve complete system compromise through manipulation of the submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw carries a high severity rating with CVSS score of 8.8 due to potential for remote code execution with minimal attack complexity.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve full system compromise through manipulation of the submit-url parameter in the System Log Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger this flaw to execute arbitrary code with complete control over confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Path traversal in node-tar versions 7.5.7 and earlier allows local attackers to read and write arbitrary files outside the extraction directory by crafting malicious tar archives containing hardlinks that bypass extraction path validation. Public exploit code exists for this vulnerability, which affects default extraction configurations in Node.js and related Tar implementations. The vulnerability has been patched in node-tar 7.5.8.

D-Link Node.js Tar +2
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

D-Link products versions 2.0.0 and earlier are vulnerable to server-side request forgery (SSRF) that allows authenticated attackers to make arbitrary HTTP requests from the affected system. This MEDIUM severity vulnerability requires valid credentials but enables attackers to bypass network controls and potentially access internal resources or services. No patch is currently available.

D-Link SSRF
NVD
Prev Page 2 of 16 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy