D-Link
Monthly
Remote code execution in D-Link DCS-931L camera firmware through OS command injection in the /goform/setSysAdmin endpoint allows authenticated attackers to execute arbitrary commands on affected devices. Public exploit code exists for this vulnerability, and no patch is available since the product is no longer supported by the vendor.
D-Link DCS-931L camera firmware versions up to 1.13.0 contain a command injection vulnerability in the /setSystemAdmin endpoint that allows remote attackers with high privileges to execute arbitrary commands by manipulating the AdminID parameter. Public exploit code exists for this vulnerability, though the affected devices are no longer supported by D-Link. An attacker with administrative access could achieve remote code execution on vulnerable cameras.
Command injection in D-Link DCS-933L firmware up to version 1.14.11 allows authenticated remote attackers to execute arbitrary commands through the AdminID parameter in the /setSystemAdmin endpoint. Public exploit code exists for this vulnerability, which affects only end-of-life devices no longer receiving security updates. An attacker with valid credentials can achieve remote code execution with limited system privileges.
D-Link DIR-823X firmware versions up to 250416 contain an OS command injection vulnerability in the /goform/set_filtering function that allows remote attackers with high privileges to execute arbitrary commands with full system access. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and administrative credentials but carries high confidentiality, integrity, and availability impact.
Di-7100G C1 Firmware versions up to 24.04.18d1 contains a vulnerability that allows attackers to command injection (CVSS 6.3).
Command injection in D-Link DI-7100G C1 firmware version 24.04.18D1 allows authenticated remote attackers to execute arbitrary commands through manipulation of the usb_username parameter in the set_jhttpd_info function. Public exploit code exists for this vulnerability, and no patch is currently available. The medium-severity flaw requires valid credentials but can be exploited over the network with minimal complexity.
Unauthenticated attackers can execute arbitrary operating system commands on D-Link DIR-823X routers through the /goform/set_upnp endpoint via the upnp_enable parameter. Public exploit code is available for this vulnerability, and no patch has been released. This allows complete compromise of affected devices with high impact on confidentiality, integrity, and availability.
Command injection in D-Link DWR-M921 firmware via the fota_url parameter allows authenticated remote attackers to execute arbitrary commands with network access. The vulnerability affects firmware version 1.1.50 and has public exploit code available. A patch is not currently available.
D-Link DWR-M921 firmware versions up to 1.1.50 contain a command injection vulnerability in the LTE firmware update function that allows authenticated remote attackers to execute arbitrary commands via a manipulated fota_url parameter. Public exploit code is available for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials could achieve remote code execution on affected devices.
Command injection in D-Link DIR-600 firmware through the ssdp.cgi file allows remote attackers to execute arbitrary commands by manipulating HTTP parameters (HTTP_ST, REMOTE_ADDR, REMOTE_PORT, SERVER_ID). Public exploit code exists for this vulnerability, though it affects only unsupported product versions. The attack requires high-level privileges but has low complexity and impacts confidentiality, integrity, and availability.
Remote code execution in D-Link DIR-823X routers through OS command injection in the static route configuration endpoint allows unauthenticated remote attackers to execute arbitrary commands with high privileges. The vulnerability affects the /goform/set_static_route_table function and can be exploited by manipulating interface, destination IP, netmask, gateway, or metric parameters. Public exploit code exists for this vulnerability, and no patch is currently available.
Remote code execution in D-Link DIR-823X routers through OS command injection in the DMZ configuration handler allows unauthenticated attackers to execute arbitrary commands on affected devices. The vulnerability exists in the /goform/set_dmz endpoint where the dmz_host and dmz_enable parameters are insufficiently sanitized, and public exploit code is currently available. Organizations using DIR-823X firmware should prioritize patching as no official fix is currently available.
Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-615 4.10 routers through manipulated routing parameters in the web configuration interface, requiring only network access and no user interaction. Public exploit code is available for this vulnerability, and D-Link has not released a patch for the end-of-life device.
Remote code execution in D-Link DIR-615 firmware through os command injection via the dmz_ipaddr parameter in the DMZ Host Feature allows authenticated attackers to execute arbitrary commands with high privileges. Public exploit code exists for this vulnerability, which affects unsupported product versions with no available patch. The attack requires high-level authentication but can be launched over the network without user interaction.
Unauthenticated attackers can achieve remote code execution on D-Link DIR-823X routers through OS command injection in the DDNS service component via the /goform/set_ddns endpoint. The vulnerability allows manipulation of DDNS parameters (ddnsType, ddnsDomain, ddnsUserName, ddnsPwd) to execute arbitrary system commands with high privileges. Public exploit code exists and no patch is currently available.
Remote code execution in D-Link DIR-823X firmware via command injection in the QoS configuration function allows unauthenticated attackers to execute arbitrary OS commands over the network. The vulnerability affects the /goform/set_qos endpoint and has public exploit code available, increasing the risk of active exploitation. No patch is currently available.
Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-823X routers through command injection in the /goform/set_ac_status endpoint via manipulation of ac_ipaddr, ac_ipstatus, or ap_randtime parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.
Remote code execution in D-Link DIR-823X routers through OS command injection in the /goform/set_server_settings endpoint allows unauthenticated attackers to execute arbitrary commands by manipulating terminal_addr, server_ip, or server_port parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at high risk.
Command injection in D-Link DWR-M921 firmware versions up to 1.1.50 allows remote attackers with high privileges to execute arbitrary commands through the USSD Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker can leverage the unsanitized ussdValue parameter to compromise the affected device.
D-Link DIR-823X firmware contains a command injection vulnerability in the /goform/set_language endpoint that allows remote attackers with high privileges to execute arbitrary OS commands via manipulation of the langSelection parameter. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation grants complete system compromise with confidentiality, integrity, and availability impact.
D-Link DIR-823X routers contain an OS command injection vulnerability in the /goform/set_mac_clone endpoint that allows remote attackers with high privileges to execute arbitrary commands through manipulation of the mac parameter. Public exploit code exists for this vulnerability, which affects confidentiality, integrity, and availability. No patch is currently available.
D-Link DIR-823X firmware contains an OS command injection vulnerability in the /goform/set_password endpoint that allows remote attackers with high privileges to execute arbitrary commands by manipulating the http_passwd parameter. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker could leverage this to compromise the affected device with limited confidentiality, integrity, and availability impact.
D-Link DIR-823X routers are vulnerable to remote command injection through the Web Management Interface's /goform/set_ac_server endpoint, allowing unauthenticated attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. A patch is not currently available, leaving affected devices exposed until remediation.
D-Link DIR-823X firmware versions up to 250416 contain an OS command injection vulnerability in the IPv6 configuration endpoint that allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires administrative privileges but can be executed over the network with no user interaction required.
D-Link DIR-605L and DIR-619L routers expose sensitive information through the DHCP Connection Status Handler via unauthenticated network requests, with public exploit code available. Affected devices running firmware versions 2.06B01 and 2.13B01 can leak configuration data to remote attackers without authentication, though impact is limited to information disclosure. No patch is available as these router models are end-of-life and no longer supported by D-Link.
Information disclosure in D-Link DIR-605L and DIR-619L routers allows unauthenticated remote attackers to access sensitive DHCP client information through an unspecified manipulation of the DHCP Client Information Handler component. Public exploit code exists for this vulnerability, though patches are unavailable since these device models are no longer supported by D-Link.
D-Link DIR-605L and DIR-619L routers (firmware versions 2.06B01/2.13B01) expose sensitive information through an unauthenticated remote manipulation of the WiFi Setting Handler component. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from D-Link. An attacker can remotely retrieve configuration data without authentication or user interaction.
Dsl-6641K Firmware versions up to n8.tr069.20131126 is affected by cross-site scripting (xss) (CVSS 2.4).
A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. [CVSS 2.4 LOW]
Dir-823X Firmware versions up to 250416 is affected by improper restriction of excessive authentication attempts (CVSS 3.7).
Command injection in D-Link DWR-M961 firmware version 1.1.47 allows authenticated remote attackers to execute arbitrary commands via manipulation of the action_value parameter in the SMS message handling function. The vulnerability requires valid credentials but no user interaction, and public exploit code is available. Affected systems can suffer unauthorized command execution, data theft, and potential device compromise.
Command injection in D-Link DWR-M961 firmware through the /boafrm/formLtefotaUpgradeFibocom endpoint allows authenticated remote attackers to execute arbitrary commands by manipulating the fota_url parameter. Public exploit code exists for this vulnerability, and no patch is currently available.
Command injection in D-Link DWR-M961 firmware (version 1.1.47) allows unauthenticated remote attackers to execute arbitrary commands through the fota_url parameter in the LTE firmware upgrade function. Public exploit code exists for this vulnerability, which requires low privileges but no user interaction to exploit. No patch is currently available for affected devices.
D-Link DIR-823X routers are vulnerable to remote command injection through the lan_gateway parameter in the /goform/set_mode function, allowing authenticated attackers to execute arbitrary OS commands. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from the vendor. The attack requires network access and valid credentials but has a low CVSS score of 6.3 due to limited impact scope.
A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. [CVSS 2.4 LOW]
Unauthenticated remote attackers can inject arbitrary OS commands through the MAC filter configuration parameter in D-Link DIR-615 firmware version 4.10 and potentially earlier versions. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from D-Link. Successful exploitation grants complete system compromise with high impact to confidentiality, integrity, and availability.
Command injection in D-Link DIR-615 firmware via the /set_temp_nodes.php URL Filter component allows unauthenticated remote attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, which affects legacy unsupported devices with a 7.2 CVSS score and no available patch.
Remote code execution in D-Link DIR-615 firmware through os command injection via the ipaddr parameter in the Web Management Interface allows unauthenticated remote attackers to execute arbitrary commands. The vulnerability affects unsupported firmware versions up to 4.10, and public exploit code is available. No patch has been released by the vendor.
Dcs-700L Firmware versions up to 1.03.09 contains a vulnerability that allows attackers to command injection (CVSS 4.7).
D-Link D-View 8 installer versions 2.0.1.107 and below are vulnerable to DLL preloading attacks that execute with administrator privileges when a user approves a UAC prompt. An attacker can place a malicious version.dll file in the installer directory to achieve arbitrary code execution with system-level access. This vulnerability affects users installing or updating D-View 8 on Windows systems.
D-Link D-View 8 versions 2.0.1.107 and below allow authenticated users to bypass access controls on backend API endpoints and retrieve credential data for arbitrary accounts, including administrators. An attacker can leverage exposed credentials to directly authenticate as any user and gain full administrative control over the D-View system. A patch is available to address this high-severity improper access control vulnerability.
Dir-823X Firmware versions up to 250126 contains a vulnerability that allows attackers to command injection (CVSS 7.3).
D-Link DIR-895L router has command injection in the DHCP daemon via the hostname parameter during lease renewal. Any device requesting a DHCP lease with a malicious hostname achieves root code execution on the router. PoC available.
Command injection in D-Link DI-8200G firmware version 17.12.20A1 via the /upgrade_filter.asp path parameter allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and valid credentials but no user interaction.
Dir-605L Firmware versions up to 6.02cn02 is affected by missing authentication for critical function (CVSS 6.8).
Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality.
Command injection in the SSDP Request Handler (ssdpcgi_main function) of D-Link DIR-806A firmware 100CNb11 allows remote authenticated attackers to execute arbitrary commands with low integrity and availability impact. Publicly available exploit code exists, but the vulnerability affects only end-of-life firmware with minimal real-world exploitation probability (EPSS 0.11%) due to low privilege requirements and limited scope of impact.
A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used.
A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Command injection in D-Link DWR-M920 firmware up to version 1.1.50 allows authenticated remote attackers to execute arbitrary commands via the fota_url parameter in the /boafrm/formLtefotaUpgradeQuectel endpoint. Public exploit code is available, though EPSS exploitation probability remains low at 0.20% percentile, suggesting limited real-world exploitation despite proof-of-concept availability.
A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd.
A vulnerability was identified in D-Link DIR-852 1.00.cgi. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A weakness has been identified in D-Link DWR-M920 1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in D-Link DIR-822K 1.00. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta.cgi. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `librcm.so` binaries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.2% and no vendor patch available.
Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink. Rated medium severity (CVSS 5.3). No vendor patch available.
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Command injection in D-Link DI-7001 MINI firmware versions 19.09.19A1 and 24.04.18B1 allows authenticated remote attackers to execute arbitrary commands via the cmd parameter in /msp_info.htm. The vulnerability has a public exploit available, though the extremely low CVSS score (2.1) and EPSS percentile (24th) indicate limited real-world exploitability despite network accessibility, as exploitation requires valid login credentials and results in low-impact information disclosure rather than system compromise.
Remote code execution in D-Link DCS-931L camera firmware through OS command injection in the /goform/setSysAdmin endpoint allows authenticated attackers to execute arbitrary commands on affected devices. Public exploit code exists for this vulnerability, and no patch is available since the product is no longer supported by the vendor.
D-Link DCS-931L camera firmware versions up to 1.13.0 contain a command injection vulnerability in the /setSystemAdmin endpoint that allows remote attackers with high privileges to execute arbitrary commands by manipulating the AdminID parameter. Public exploit code exists for this vulnerability, though the affected devices are no longer supported by D-Link. An attacker with administrative access could achieve remote code execution on vulnerable cameras.
Command injection in D-Link DCS-933L firmware up to version 1.14.11 allows authenticated remote attackers to execute arbitrary commands through the AdminID parameter in the /setSystemAdmin endpoint. Public exploit code exists for this vulnerability, which affects only end-of-life devices no longer receiving security updates. An attacker with valid credentials can achieve remote code execution with limited system privileges.
D-Link DIR-823X firmware versions up to 250416 contain an OS command injection vulnerability in the /goform/set_filtering function that allows remote attackers with high privileges to execute arbitrary commands with full system access. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and administrative credentials but carries high confidentiality, integrity, and availability impact.
Di-7100G C1 Firmware versions up to 24.04.18d1 contains a vulnerability that allows attackers to command injection (CVSS 6.3).
Command injection in D-Link DI-7100G C1 firmware version 24.04.18D1 allows authenticated remote attackers to execute arbitrary commands through manipulation of the usb_username parameter in the set_jhttpd_info function. Public exploit code exists for this vulnerability, and no patch is currently available. The medium-severity flaw requires valid credentials but can be exploited over the network with minimal complexity.
Unauthenticated attackers can execute arbitrary operating system commands on D-Link DIR-823X routers through the /goform/set_upnp endpoint via the upnp_enable parameter. Public exploit code is available for this vulnerability, and no patch has been released. This allows complete compromise of affected devices with high impact on confidentiality, integrity, and availability.
Command injection in D-Link DWR-M921 firmware via the fota_url parameter allows authenticated remote attackers to execute arbitrary commands with network access. The vulnerability affects firmware version 1.1.50 and has public exploit code available. A patch is not currently available.
D-Link DWR-M921 firmware versions up to 1.1.50 contain a command injection vulnerability in the LTE firmware update function that allows authenticated remote attackers to execute arbitrary commands via a manipulated fota_url parameter. Public exploit code is available for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials could achieve remote code execution on affected devices.
Command injection in D-Link DIR-600 firmware through the ssdp.cgi file allows remote attackers to execute arbitrary commands by manipulating HTTP parameters (HTTP_ST, REMOTE_ADDR, REMOTE_PORT, SERVER_ID). Public exploit code exists for this vulnerability, though it affects only unsupported product versions. The attack requires high-level privileges but has low complexity and impacts confidentiality, integrity, and availability.
Remote code execution in D-Link DIR-823X routers through OS command injection in the static route configuration endpoint allows unauthenticated remote attackers to execute arbitrary commands with high privileges. The vulnerability affects the /goform/set_static_route_table function and can be exploited by manipulating interface, destination IP, netmask, gateway, or metric parameters. Public exploit code exists for this vulnerability, and no patch is currently available.
Remote code execution in D-Link DIR-823X routers through OS command injection in the DMZ configuration handler allows unauthenticated attackers to execute arbitrary commands on affected devices. The vulnerability exists in the /goform/set_dmz endpoint where the dmz_host and dmz_enable parameters are insufficiently sanitized, and public exploit code is currently available. Organizations using DIR-823X firmware should prioritize patching as no official fix is currently available.
Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-615 4.10 routers through manipulated routing parameters in the web configuration interface, requiring only network access and no user interaction. Public exploit code is available for this vulnerability, and D-Link has not released a patch for the end-of-life device.
Remote code execution in D-Link DIR-615 firmware through os command injection via the dmz_ipaddr parameter in the DMZ Host Feature allows authenticated attackers to execute arbitrary commands with high privileges. Public exploit code exists for this vulnerability, which affects unsupported product versions with no available patch. The attack requires high-level authentication but can be launched over the network without user interaction.
Unauthenticated attackers can achieve remote code execution on D-Link DIR-823X routers through OS command injection in the DDNS service component via the /goform/set_ddns endpoint. The vulnerability allows manipulation of DDNS parameters (ddnsType, ddnsDomain, ddnsUserName, ddnsPwd) to execute arbitrary system commands with high privileges. Public exploit code exists and no patch is currently available.
Remote code execution in D-Link DIR-823X firmware via command injection in the QoS configuration function allows unauthenticated attackers to execute arbitrary OS commands over the network. The vulnerability affects the /goform/set_qos endpoint and has public exploit code available, increasing the risk of active exploitation. No patch is currently available.
Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-823X routers through command injection in the /goform/set_ac_status endpoint via manipulation of ac_ipaddr, ac_ipstatus, or ap_randtime parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.
Remote code execution in D-Link DIR-823X routers through OS command injection in the /goform/set_server_settings endpoint allows unauthenticated attackers to execute arbitrary commands by manipulating terminal_addr, server_ip, or server_port parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at high risk.
Command injection in D-Link DWR-M921 firmware versions up to 1.1.50 allows remote attackers with high privileges to execute arbitrary commands through the USSD Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker can leverage the unsanitized ussdValue parameter to compromise the affected device.
D-Link DIR-823X firmware contains a command injection vulnerability in the /goform/set_language endpoint that allows remote attackers with high privileges to execute arbitrary OS commands via manipulation of the langSelection parameter. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation grants complete system compromise with confidentiality, integrity, and availability impact.
D-Link DIR-823X routers contain an OS command injection vulnerability in the /goform/set_mac_clone endpoint that allows remote attackers with high privileges to execute arbitrary commands through manipulation of the mac parameter. Public exploit code exists for this vulnerability, which affects confidentiality, integrity, and availability. No patch is currently available.
D-Link DIR-823X firmware contains an OS command injection vulnerability in the /goform/set_password endpoint that allows remote attackers with high privileges to execute arbitrary commands by manipulating the http_passwd parameter. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker could leverage this to compromise the affected device with limited confidentiality, integrity, and availability impact.
D-Link DIR-823X routers are vulnerable to remote command injection through the Web Management Interface's /goform/set_ac_server endpoint, allowing unauthenticated attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. A patch is not currently available, leaving affected devices exposed until remediation.
D-Link DIR-823X firmware versions up to 250416 contain an OS command injection vulnerability in the IPv6 configuration endpoint that allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires administrative privileges but can be executed over the network with no user interaction required.
D-Link DIR-605L and DIR-619L routers expose sensitive information through the DHCP Connection Status Handler via unauthenticated network requests, with public exploit code available. Affected devices running firmware versions 2.06B01 and 2.13B01 can leak configuration data to remote attackers without authentication, though impact is limited to information disclosure. No patch is available as these router models are end-of-life and no longer supported by D-Link.
Information disclosure in D-Link DIR-605L and DIR-619L routers allows unauthenticated remote attackers to access sensitive DHCP client information through an unspecified manipulation of the DHCP Client Information Handler component. Public exploit code exists for this vulnerability, though patches are unavailable since these device models are no longer supported by D-Link.
D-Link DIR-605L and DIR-619L routers (firmware versions 2.06B01/2.13B01) expose sensitive information through an unauthenticated remote manipulation of the WiFi Setting Handler component. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from D-Link. An attacker can remotely retrieve configuration data without authentication or user interaction.
Dsl-6641K Firmware versions up to n8.tr069.20131126 is affected by cross-site scripting (xss) (CVSS 2.4).
A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. [CVSS 2.4 LOW]
Dir-823X Firmware versions up to 250416 is affected by improper restriction of excessive authentication attempts (CVSS 3.7).
Command injection in D-Link DWR-M961 firmware version 1.1.47 allows authenticated remote attackers to execute arbitrary commands via manipulation of the action_value parameter in the SMS message handling function. The vulnerability requires valid credentials but no user interaction, and public exploit code is available. Affected systems can suffer unauthorized command execution, data theft, and potential device compromise.
Command injection in D-Link DWR-M961 firmware through the /boafrm/formLtefotaUpgradeFibocom endpoint allows authenticated remote attackers to execute arbitrary commands by manipulating the fota_url parameter. Public exploit code exists for this vulnerability, and no patch is currently available.
Command injection in D-Link DWR-M961 firmware (version 1.1.47) allows unauthenticated remote attackers to execute arbitrary commands through the fota_url parameter in the LTE firmware upgrade function. Public exploit code exists for this vulnerability, which requires low privileges but no user interaction to exploit. No patch is currently available for affected devices.
D-Link DIR-823X routers are vulnerable to remote command injection through the lan_gateway parameter in the /goform/set_mode function, allowing authenticated attackers to execute arbitrary OS commands. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from the vendor. The attack requires network access and valid credentials but has a low CVSS score of 6.3 due to limited impact scope.
A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. [CVSS 2.4 LOW]
Unauthenticated remote attackers can inject arbitrary OS commands through the MAC filter configuration parameter in D-Link DIR-615 firmware version 4.10 and potentially earlier versions. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from D-Link. Successful exploitation grants complete system compromise with high impact to confidentiality, integrity, and availability.
Command injection in D-Link DIR-615 firmware via the /set_temp_nodes.php URL Filter component allows unauthenticated remote attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, which affects legacy unsupported devices with a 7.2 CVSS score and no available patch.
Remote code execution in D-Link DIR-615 firmware through os command injection via the ipaddr parameter in the Web Management Interface allows unauthenticated remote attackers to execute arbitrary commands. The vulnerability affects unsupported firmware versions up to 4.10, and public exploit code is available. No patch has been released by the vendor.
Dcs-700L Firmware versions up to 1.03.09 contains a vulnerability that allows attackers to command injection (CVSS 4.7).
D-Link D-View 8 installer versions 2.0.1.107 and below are vulnerable to DLL preloading attacks that execute with administrator privileges when a user approves a UAC prompt. An attacker can place a malicious version.dll file in the installer directory to achieve arbitrary code execution with system-level access. This vulnerability affects users installing or updating D-View 8 on Windows systems.
D-Link D-View 8 versions 2.0.1.107 and below allow authenticated users to bypass access controls on backend API endpoints and retrieve credential data for arbitrary accounts, including administrators. An attacker can leverage exposed credentials to directly authenticate as any user and gain full administrative control over the D-View system. A patch is available to address this high-severity improper access control vulnerability.
Dir-823X Firmware versions up to 250126 contains a vulnerability that allows attackers to command injection (CVSS 7.3).
D-Link DIR-895L router has command injection in the DHCP daemon via the hostname parameter during lease renewal. Any device requesting a DHCP lease with a malicious hostname achieves root code execution on the router. PoC available.
Command injection in D-Link DI-8200G firmware version 17.12.20A1 via the /upgrade_filter.asp path parameter allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and valid credentials but no user interaction.
Dir-605L Firmware versions up to 6.02cn02 is affected by missing authentication for critical function (CVSS 6.8).
Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality.
Command injection in the SSDP Request Handler (ssdpcgi_main function) of D-Link DIR-806A firmware 100CNb11 allows remote authenticated attackers to execute arbitrary commands with low integrity and availability impact. Publicly available exploit code exists, but the vulnerability affects only end-of-life firmware with minimal real-world exploitation probability (EPSS 0.11%) due to low privilege requirements and limited scope of impact.
A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used.
A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Command injection in D-Link DWR-M920 firmware up to version 1.1.50 allows authenticated remote attackers to execute arbitrary commands via the fota_url parameter in the /boafrm/formLtefotaUpgradeQuectel endpoint. Public exploit code is available, though EPSS exploitation probability remains low at 0.20% percentile, suggesting limited real-world exploitation despite proof-of-concept availability.
A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd.
A vulnerability was identified in D-Link DIR-852 1.00.cgi. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A weakness has been identified in D-Link DWR-M920 1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in D-Link DIR-822K 1.00. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta.cgi. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `librcm.so` binaries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.2% and no vendor patch available.
Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink. Rated medium severity (CVSS 5.3). No vendor patch available.
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Command injection in D-Link DI-7001 MINI firmware versions 19.09.19A1 and 24.04.18B1 allows authenticated remote attackers to execute arbitrary commands via the cmd parameter in /msp_info.htm. The vulnerability has a public exploit available, though the extremely low CVSS score (2.1) and EPSS percentile (24th) indicate limited real-world exploitability despite network accessibility, as exploitation requires valid login credentials and results in low-impact information disclosure rather than system compromise.