Skip to main content

D-Link

1370 CVEs vendor

Monthly

CVE-2026-2260 HIGH POC This Week

Remote code execution in D-Link DCS-931L camera firmware through OS command injection in the /goform/setSysAdmin endpoint allows authenticated attackers to execute arbitrary commands on affected devices. Public exploit code exists for this vulnerability, and no patch is available since the product is no longer supported by the vendor.

D-Link Command Injection Dcs 931l Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-2227 LOW POC Monitor

D-Link DCS-931L camera firmware versions up to 1.13.0 contain a command injection vulnerability in the /setSystemAdmin endpoint that allows remote attackers with high privileges to execute arbitrary commands by manipulating the AdminID parameter. Public exploit code exists for this vulnerability, though the affected devices are no longer supported by D-Link. An attacker with administrative access could achieve remote code execution on vulnerable cameras.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-2218 LOW POC Monitor

Command injection in D-Link DCS-933L firmware up to version 1.14.11 allows authenticated remote attackers to execute arbitrary commands through the AdminID parameter in the /setSystemAdmin endpoint. Public exploit code exists for this vulnerability, which affects only end-of-life devices no longer receiving security updates. An attacker with valid credentials can achieve remote code execution with limited system privileges.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-2210 HIGH POC This Week

D-Link DIR-823X firmware versions up to 250416 contain an OS command injection vulnerability in the /goform/set_filtering function that allows remote attackers with high privileges to execute arbitrary commands with full system access. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and administrative credentials but carries high confidentiality, integrity, and availability impact.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-2194 LOW POC Monitor

Di-7100G C1 Firmware versions up to 24.04.18d1 contains a vulnerability that allows attackers to command injection (CVSS 6.3).

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2193 MEDIUM POC This Month

Command injection in D-Link DI-7100G C1 firmware version 24.04.18D1 allows authenticated remote attackers to execute arbitrary commands through manipulation of the usb_username parameter in the set_jhttpd_info function. Public exploit code exists for this vulnerability, and no patch is currently available. The medium-severity flaw requires valid credentials but can be exploited over the network with minimal complexity.

D-Link Command Injection Di 7100g C1 Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-2175 HIGH POC This Week

Unauthenticated attackers can execute arbitrary operating system commands on D-Link DIR-823X routers through the /goform/set_upnp endpoint via the upnp_enable parameter. Public exploit code is available for this vulnerability, and no patch has been released. This allows complete compromise of affected devices with high impact on confidentiality, integrity, and availability.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-2169 LOW POC Monitor

Command injection in D-Link DWR-M921 firmware via the fota_url parameter allows authenticated remote attackers to execute arbitrary commands with network access. The vulnerability affects firmware version 1.1.50 and has public exploit code available. A patch is not currently available.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2168 LOW POC Monitor

D-Link DWR-M921 firmware versions up to 1.1.50 contain a command injection vulnerability in the LTE firmware update function that allows authenticated remote attackers to execute arbitrary commands via a manipulated fota_url parameter. Public exploit code is available for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials could achieve remote code execution on affected devices.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2163 LOW POC Monitor

Command injection in D-Link DIR-600 firmware through the ssdp.cgi file allows remote attackers to execute arbitrary commands by manipulating HTTP parameters (HTTP_ST, REMOTE_ADDR, REMOTE_PORT, SERVER_ID). Public exploit code exists for this vulnerability, though it affects only unsupported product versions. The attack requires high-level privileges but has low complexity and impacts confidentiality, integrity, and availability.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2026-2157 HIGH POC This Week

Remote code execution in D-Link DIR-823X routers through OS command injection in the static route configuration endpoint allows unauthenticated remote attackers to execute arbitrary commands with high privileges. The vulnerability affects the /goform/set_static_route_table function and can be exploited by manipulating interface, destination IP, netmask, gateway, or metric parameters. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-2155 HIGH POC This Week

Remote code execution in D-Link DIR-823X routers through OS command injection in the DMZ configuration handler allows unauthenticated attackers to execute arbitrary commands on affected devices. The vulnerability exists in the /goform/set_dmz endpoint where the dmz_host and dmz_enable parameters are insufficiently sanitized, and public exploit code is currently available. Organizations using DIR-823X firmware should prioritize patching as no official fix is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-2152 HIGH POC This Week

Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-615 4.10 routers through manipulated routing parameters in the web configuration interface, requiring only network access and no user interaction. Public exploit code is available for this vulnerability, and D-Link has not released a patch for the end-of-life device.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
1.9%
CVE-2026-2151 HIGH POC This Week

Remote code execution in D-Link DIR-615 firmware through os command injection via the dmz_ipaddr parameter in the DMZ Host Feature allows authenticated attackers to execute arbitrary commands with high privileges. Public exploit code exists for this vulnerability, which affects unsupported product versions with no available patch. The attack requires high-level authentication but can be launched over the network without user interaction.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-2143 HIGH POC This Week

Unauthenticated attackers can achieve remote code execution on D-Link DIR-823X routers through OS command injection in the DDNS service component via the /goform/set_ddns endpoint. The vulnerability allows manipulation of DDNS parameters (ddnsType, ddnsDomain, ddnsUserName, ddnsPwd) to execute arbitrary system commands with high privileges. Public exploit code exists and no patch is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-2142 HIGH POC This Week

Remote code execution in D-Link DIR-823X firmware via command injection in the QoS configuration function allows unauthenticated attackers to execute arbitrary OS commands over the network. The vulnerability affects the /goform/set_qos endpoint and has public exploit code available, increasing the risk of active exploitation. No patch is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-2129 HIGH POC This Week

Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-823X routers through command injection in the /goform/set_ac_status endpoint via manipulation of ac_ipaddr, ac_ipstatus, or ap_randtime parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-2120 HIGH POC This Week

Remote code execution in D-Link DIR-823X routers through OS command injection in the /goform/set_server_settings endpoint allows unauthenticated attackers to execute arbitrary commands by manipulating terminal_addr, server_ip, or server_port parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at high risk.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-2085 HIGH POC This Week

Command injection in D-Link DWR-M921 firmware versions up to 1.1.50 allows remote attackers with high privileges to execute arbitrary commands through the USSD Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker can leverage the unsanitized ussdValue parameter to compromise the affected device.

D-Link Command Injection Dwr M921 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-2084 HIGH POC This Week

D-Link DIR-823X firmware contains a command injection vulnerability in the /goform/set_language endpoint that allows remote attackers with high privileges to execute arbitrary OS commands via manipulation of the langSelection parameter. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation grants complete system compromise with confidentiality, integrity, and availability impact.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-2082 LOW POC Monitor

D-Link DIR-823X routers contain an OS command injection vulnerability in the /goform/set_mac_clone endpoint that allows remote attackers with high privileges to execute arbitrary commands through manipulation of the mac parameter. Public exploit code exists for this vulnerability, which affects confidentiality, integrity, and availability. No patch is currently available.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2026-2081 LOW POC Monitor

D-Link DIR-823X firmware contains an OS command injection vulnerability in the /goform/set_password endpoint that allows remote attackers with high privileges to execute arbitrary commands by manipulating the http_passwd parameter. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker could leverage this to compromise the affected device with limited confidentiality, integrity, and availability impact.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2026-2063 LOW POC Monitor

D-Link DIR-823X routers are vulnerable to remote command injection through the Web Management Interface's /goform/set_ac_server endpoint, allowing unauthenticated attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. A patch is not currently available, leaving affected devices exposed until remediation.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2026-2061 LOW POC Monitor

D-Link DIR-823X firmware versions up to 250416 contain an OS command injection vulnerability in the IPv6 configuration endpoint that allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires administrative privileges but can be executed over the network with no user interaction required.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-2056 MEDIUM POC This Month

D-Link DIR-605L and DIR-619L routers expose sensitive information through the DHCP Connection Status Handler via unauthenticated network requests, with public exploit code available. Affected devices running firmware versions 2.06B01 and 2.13B01 can leak configuration data to remote attackers without authentication, though impact is limited to information disclosure. No patch is available as these router models are end-of-life and no longer supported by D-Link.

D-Link Information Disclosure Dir 605l Firmware Dir 619l Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-2055 MEDIUM POC This Month

Information disclosure in D-Link DIR-605L and DIR-619L routers allows unauthenticated remote attackers to access sensitive DHCP client information through an unspecified manipulation of the DHCP Client Information Handler component. Public exploit code exists for this vulnerability, though patches are unavailable since these device models are no longer supported by D-Link.

D-Link Information Disclosure Dir 619l Firmware Dir 605l Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-2054 MEDIUM POC This Month

D-Link DIR-605L and DIR-619L routers (firmware versions 2.06B01/2.13B01) expose sensitive information through an unauthenticated remote manipulation of the WiFi Setting Handler component. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from D-Link. An attacker can remotely retrieve configuration data without authentication or user interaction.

D-Link Information Disclosure Dir 605l Firmware Dir 619l Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-1744 LOW POC Monitor

Dsl-6641K Firmware versions up to n8.tr069.20131126 is affected by cross-site scripting (xss) (CVSS 2.4).

D-Link XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-1705 LOW Monitor

A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. [CVSS 2.4 LOW]

D-Link XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-1685 LOW Monitor

Dir-823X Firmware versions up to 250416 is affected by improper restriction of excessive authentication attempts (CVSS 3.7).

D-Link Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2026-1625 LOW Monitor

Command injection in D-Link DWR-M961 firmware version 1.1.47 allows authenticated remote attackers to execute arbitrary commands via manipulation of the action_value parameter in the SMS message handling function. The vulnerability requires valid credentials but no user interaction, and public exploit code is available. Affected systems can suffer unauthorized command execution, data theft, and potential device compromise.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1624 LOW Monitor

Command injection in D-Link DWR-M961 firmware through the /boafrm/formLtefotaUpgradeFibocom endpoint allows authenticated remote attackers to execute arbitrary commands by manipulating the fota_url parameter. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1596 LOW Monitor

Command injection in D-Link DWR-M961 firmware (version 1.1.47) allows unauthenticated remote attackers to execute arbitrary commands through the fota_url parameter in the LTE firmware upgrade function. Public exploit code exists for this vulnerability, which requires low privileges but no user interaction to exploit. No patch is currently available for affected devices.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-1544 LOW POC Monitor

D-Link DIR-823X routers are vulnerable to remote command injection through the lan_gateway parameter in the /goform/set_mode function, allowing authenticated attackers to execute arbitrary OS commands. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from the vendor. The attack requires network access and valid credentials but has a low CVSS score of 6.3 due to limited impact scope.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-1532 LOW POC Monitor

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. [CVSS 2.4 LOW]

D-Link Path Traversal File Upload
NVD VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-1506 HIGH POC This Week

Unauthenticated remote attackers can inject arbitrary OS commands through the MAC filter configuration parameter in D-Link DIR-615 firmware version 4.10 and potentially earlier versions. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from D-Link. Successful exploitation grants complete system compromise with high impact to confidentiality, integrity, and availability.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-1505 HIGH POC This Week

Command injection in D-Link DIR-615 firmware via the /set_temp_nodes.php URL Filter component allows unauthenticated remote attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, which affects legacy unsupported devices with a 7.2 CVSS score and no available patch.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2026-1448 HIGH POC This Week

Remote code execution in D-Link DIR-615 firmware through os command injection via the ipaddr parameter in the Web Management Interface allows unauthenticated remote attackers to execute arbitrary commands. The vulnerability affects unsupported firmware versions up to 4.10, and public exploit code is available. No patch has been released by the vendor.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2026-1419 LOW POC Monitor

Dcs-700L Firmware versions up to 1.03.09 contains a vulnerability that allows attackers to command injection (CVSS 4.7).

D-Link Command Injection
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-23755 HIGH PATCH This Week

D-Link D-View 8 installer versions 2.0.1.107 and below are vulnerable to DLL preloading attacks that execute with administrator privileges when a user approves a UAC prompt. An attacker can place a malicious version.dll file in the installer directory to achieve arbitrary code execution with system-level access. This vulnerability affects users installing or updating D-View 8 on Windows systems.

D-Link D View 8
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-23754 HIGH PATCH This Week

D-Link D-View 8 versions 2.0.1.107 and below allow authenticated users to bypass access controls on backend API endpoints and retrieve credential data for arbitrary accounts, including administrators. An attacker can leverage exposed credentials to directly authenticate as any user and gain full administrative control over the D-View system. A patch is available to address this high-severity improper access control vulnerability.

D-Link D View 8
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-1125 MEDIUM POC This Month

Dir-823X Firmware versions up to 250126 contains a vulnerability that allows attackers to command injection (CVSS 7.3).

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.8%
CVE-2025-69542 CRITICAL POC Act Now

D-Link DIR-895L router has command injection in the DHCP daemon via the hostname parameter during lease renewal. Any device requesting a DHCP lease with a malicious hostname achieves root code execution on the router. PoC available.

D-Link Command Injection Dir 895la1 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2026-0732 LOW POC Monitor

Command injection in D-Link DI-8200G firmware version 17.12.20A1 via the /upgrade_filter.asp path parameter allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and valid credentials but no user interaction.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-65731 MEDIUM POC This Month

Dir-605L Firmware versions up to 6.02cn02 is affected by missing authentication for critical function (CVSS 6.8).

D-Link Dir 605l Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-0625 CRITICAL Act Now

Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality.

D-Link Authentication Bypass
NVD VulDB
CVSS 4.0
9.3
EPSS
0.7%
CVE-2025-15391 LOW POC Monitor

Command injection in the SSDP Request Handler (ssdpcgi_main function) of D-Link DIR-806A firmware 100CNb11 allows remote authenticated attackers to execute arbitrary commands with low integrity and availability impact. Publicly available exploit code exists, but the vulnerability affects only end-of-life firmware with minimal real-world exploitation probability (EPSS 0.11%) due to low privilege requirements and limited scope of impact.

Command Injection D-Link Dir 806A Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-15357 LOW POC Monitor

A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used.

Command Injection D-Link Di 7400G Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-15245 LOW POC Monitor

A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

D-Link Path Traversal Dcs 850L Firmware
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-15192 LOW POC Monitor

Command injection in D-Link DWR-M920 firmware up to version 1.1.50 allows authenticated remote attackers to execute arbitrary commands via the fota_url parameter in the /boafrm/formLtefotaUpgradeQuectel endpoint. Public exploit code is available, though EPSS exploitation probability remains low at 0.20% percentile, suggesting limited real-world exploitation despite proof-of-concept availability.

Command Injection D-Link Dwr M920 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-15191 LOW POC Monitor

A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

Command Injection D-Link Dwr M920 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-14225 LOW POC Monitor

A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-14208 LOW POC Monitor

A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.9%
CVE-2025-60854 CRITICAL Act Now

A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd.

Command Injection R15 Firmware D-Link
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-13562 MEDIUM POC This Month

A vulnerability was identified in D-Link DIR-852 1.00.cgi. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.5%
CVE-2025-13553 HIGH POC This Month

A weakness has been identified in D-Link DWR-M920 1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dwr M920 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-13552 HIGH POC This Month

A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware Dwr M920 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-13551 HIGH POC This Month

A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware Dwr M920 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-13550 HIGH POC This Month

A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware Dwr M920 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-13549 HIGH POC This Month

A vulnerability was found in D-Link DIR-822K 1.00. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-13548 HIGH POC This Month

A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware Dwr M920 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-13547 HIGH POC This Month

A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware Dwr M920 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-63932 HIGH POC This Month

D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE Dir 868l Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2025-13306 LOW POC Monitor

A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13305 HIGH POC This Month

A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 825M Firmware Dwr M920 Firmware Dwr M921 Firmware +2
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-13304 HIGH POC This Month

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 825M Firmware Dwr M920 Firmware Dwr M921 Firmware +2
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-13191 HIGH POC This Month

A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta.cgi. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816L Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-13190 HIGH POC This Month

A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816L Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-13189 HIGH POC This Month

A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816L Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-13188 HIGH POC This Week

A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816L Firmware
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.3%
CVE-2025-60679 HIGH POC This Week

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-60676 MEDIUM POC This Month

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-60675 MEDIUM POC This Month

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2025-60674 MEDIUM POC This Month

A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE D-Link Dir 878 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-60673 MEDIUM POC This Month

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-60672 MEDIUM POC This Month

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-60701 MEDIUM POC This Week

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-60700 MEDIUM POC This Week

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `librcm.so` binaries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-60698 HIGH POC This Month

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2025-60697 HIGH POC This Month

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2025-60671 MEDIUM POC This Month

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-50596 CRITICAL Act Now

D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.2% and no vendor patch available.

D-Link Command Injection Dir 1260 Firmware
NVD
CVSS 4.0
9.3
EPSS
13.2%
CVE-2025-46424 MEDIUM This Month

Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Cloudlink D-Link
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-46366 MEDIUM This Month

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Cloudlink D-Link
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-46365 MEDIUM This Month

Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink. Rated medium severity (CVSS 5.3). No vendor patch available.

Dell Command Injection Cloudlink D-Link
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-46364 CRITICAL This Week

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Privilege Escalation Cloudlink D-Link
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-45379 HIGH This Month

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Cloudlink D-Link
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2025-45378 CRITICAL This Week

Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Authentication Bypass Cloudlink D-Link
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-30479 HIGH This Month

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Cloudlink D-Link
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2025-12313 LOW POC Monitor

Command injection in D-Link DI-7001 MINI firmware versions 19.09.19A1 and 24.04.18B1 allows authenticated remote attackers to execute arbitrary commands via the cmd parameter in /msp_info.htm. The vulnerability has a public exploit available, though the extremely low CVSS score (2.1) and EPSS percentile (24th) indicate limited real-world exploitability despite network accessibility, as exploitation requires valid login credentials and results in low-impact information disclosure rather than system compromise.

Command Injection D-Link Di 7001Mini 8G Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in D-Link DCS-931L camera firmware through OS command injection in the /goform/setSysAdmin endpoint allows authenticated attackers to execute arbitrary commands on affected devices. Public exploit code exists for this vulnerability, and no patch is available since the product is no longer supported by the vendor.

D-Link Command Injection Dcs 931l Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

D-Link DCS-931L camera firmware versions up to 1.13.0 contain a command injection vulnerability in the /setSystemAdmin endpoint that allows remote attackers with high privileges to execute arbitrary commands by manipulating the AdminID parameter. Public exploit code exists for this vulnerability, though the affected devices are no longer supported by D-Link. An attacker with administrative access could achieve remote code execution on vulnerable cameras.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in D-Link DCS-933L firmware up to version 1.14.11 allows authenticated remote attackers to execute arbitrary commands through the AdminID parameter in the /setSystemAdmin endpoint. Public exploit code exists for this vulnerability, which affects only end-of-life devices no longer receiving security updates. An attacker with valid credentials can achieve remote code execution with limited system privileges.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

D-Link DIR-823X firmware versions up to 250416 contain an OS command injection vulnerability in the /goform/set_filtering function that allows remote attackers with high privileges to execute arbitrary commands with full system access. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and administrative credentials but carries high confidentiality, integrity, and availability impact.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Di-7100G C1 Firmware versions up to 24.04.18d1 contains a vulnerability that allows attackers to command injection (CVSS 6.3).

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Command injection in D-Link DI-7100G C1 firmware version 24.04.18D1 allows authenticated remote attackers to execute arbitrary commands through manipulation of the usb_username parameter in the set_jhttpd_info function. Public exploit code exists for this vulnerability, and no patch is currently available. The medium-severity flaw requires valid credentials but can be exploited over the network with minimal complexity.

D-Link Command Injection Di 7100g C1 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Unauthenticated attackers can execute arbitrary operating system commands on D-Link DIR-823X routers through the /goform/set_upnp endpoint via the upnp_enable parameter. Public exploit code is available for this vulnerability, and no patch has been released. This allows complete compromise of affected devices with high impact on confidentiality, integrity, and availability.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in D-Link DWR-M921 firmware via the fota_url parameter allows authenticated remote attackers to execute arbitrary commands with network access. The vulnerability affects firmware version 1.1.50 and has public exploit code available. A patch is not currently available.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

D-Link DWR-M921 firmware versions up to 1.1.50 contain a command injection vulnerability in the LTE firmware update function that allows authenticated remote attackers to execute arbitrary commands via a manipulated fota_url parameter. Public exploit code is available for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials could achieve remote code execution on affected devices.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

Command injection in D-Link DIR-600 firmware through the ssdp.cgi file allows remote attackers to execute arbitrary commands by manipulating HTTP parameters (HTTP_ST, REMOTE_ADDR, REMOTE_PORT, SERVER_ID). Public exploit code exists for this vulnerability, though it affects only unsupported product versions. The attack requires high-level privileges but has low complexity and impacts confidentiality, integrity, and availability.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in D-Link DIR-823X routers through OS command injection in the static route configuration endpoint allows unauthenticated remote attackers to execute arbitrary commands with high privileges. The vulnerability affects the /goform/set_static_route_table function and can be exploited by manipulating interface, destination IP, netmask, gateway, or metric parameters. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in D-Link DIR-823X routers through OS command injection in the DMZ configuration handler allows unauthenticated attackers to execute arbitrary commands on affected devices. The vulnerability exists in the /goform/set_dmz endpoint where the dmz_host and dmz_enable parameters are insufficiently sanitized, and public exploit code is currently available. Organizations using DIR-823X firmware should prioritize patching as no official fix is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
EPSS 2% CVSS 7.2
HIGH POC This Week

Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-615 4.10 routers through manipulated routing parameters in the web configuration interface, requiring only network access and no user interaction. Public exploit code is available for this vulnerability, and D-Link has not released a patch for the end-of-life device.

D-Link PHP Command Injection +1
NVD VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in D-Link DIR-615 firmware through os command injection via the dmz_ipaddr parameter in the DMZ Host Feature allows authenticated attackers to execute arbitrary commands with high privileges. Public exploit code exists for this vulnerability, which affects unsupported product versions with no available patch. The attack requires high-level authentication but can be launched over the network without user interaction.

D-Link PHP Command Injection +1
NVD VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Unauthenticated attackers can achieve remote code execution on D-Link DIR-823X routers through OS command injection in the DDNS service component via the /goform/set_ddns endpoint. The vulnerability allows manipulation of DDNS parameters (ddnsType, ddnsDomain, ddnsUserName, ddnsPwd) to execute arbitrary system commands with high privileges. Public exploit code exists and no patch is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in D-Link DIR-823X firmware via command injection in the QoS configuration function allows unauthenticated attackers to execute arbitrary OS commands over the network. The vulnerability affects the /goform/set_qos endpoint and has public exploit code available, increasing the risk of active exploitation. No patch is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-823X routers through command injection in the /goform/set_ac_status endpoint via manipulation of ac_ipaddr, ac_ipstatus, or ap_randtime parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in D-Link DIR-823X routers through OS command injection in the /goform/set_server_settings endpoint allows unauthenticated attackers to execute arbitrary commands by manipulating terminal_addr, server_ip, or server_port parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at high risk.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Command injection in D-Link DWR-M921 firmware versions up to 1.1.50 allows remote attackers with high privileges to execute arbitrary commands through the USSD Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker can leverage the unsanitized ussdValue parameter to compromise the affected device.

D-Link Command Injection Dwr M921 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

D-Link DIR-823X firmware contains a command injection vulnerability in the /goform/set_language endpoint that allows remote attackers with high privileges to execute arbitrary OS commands via manipulation of the langSelection parameter. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation grants complete system compromise with confidentiality, integrity, and availability impact.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

D-Link DIR-823X routers contain an OS command injection vulnerability in the /goform/set_mac_clone endpoint that allows remote attackers with high privileges to execute arbitrary commands through manipulation of the mac parameter. Public exploit code exists for this vulnerability, which affects confidentiality, integrity, and availability. No patch is currently available.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

D-Link DIR-823X firmware contains an OS command injection vulnerability in the /goform/set_password endpoint that allows remote attackers with high privileges to execute arbitrary commands by manipulating the http_passwd parameter. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker could leverage this to compromise the affected device with limited confidentiality, integrity, and availability impact.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

D-Link DIR-823X routers are vulnerable to remote command injection through the Web Management Interface's /goform/set_ac_server endpoint, allowing unauthenticated attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. A patch is not currently available, leaving affected devices exposed until remediation.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

D-Link DIR-823X firmware versions up to 250416 contain an OS command injection vulnerability in the IPv6 configuration endpoint that allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires administrative privileges but can be executed over the network with no user interaction required.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

D-Link DIR-605L and DIR-619L routers expose sensitive information through the DHCP Connection Status Handler via unauthenticated network requests, with public exploit code available. Affected devices running firmware versions 2.06B01 and 2.13B01 can leak configuration data to remote attackers without authentication, though impact is limited to information disclosure. No patch is available as these router models are end-of-life and no longer supported by D-Link.

D-Link Information Disclosure Dir 605l Firmware +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Information disclosure in D-Link DIR-605L and DIR-619L routers allows unauthenticated remote attackers to access sensitive DHCP client information through an unspecified manipulation of the DHCP Client Information Handler component. Public exploit code exists for this vulnerability, though patches are unavailable since these device models are no longer supported by D-Link.

D-Link Information Disclosure Dir 619l Firmware +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

D-Link DIR-605L and DIR-619L routers (firmware versions 2.06B01/2.13B01) expose sensitive information through an unauthenticated remote manipulation of the WiFi Setting Handler component. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from D-Link. An attacker can remotely retrieve configuration data without authentication or user interaction.

D-Link Information Disclosure Dir 605l Firmware +1
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Dsl-6641K Firmware versions up to n8.tr069.20131126 is affected by cross-site scripting (xss) (CVSS 2.4).

D-Link XSS
NVD VulDB
EPSS 0% CVSS 1.9
LOW Monitor

A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. [CVSS 2.4 LOW]

D-Link XSS
NVD VulDB
EPSS 0% CVSS 2.9
LOW Monitor

Dir-823X Firmware versions up to 250416 is affected by improper restriction of excessive authentication attempts (CVSS 3.7).

D-Link Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Command injection in D-Link DWR-M961 firmware version 1.1.47 allows authenticated remote attackers to execute arbitrary commands via manipulation of the action_value parameter in the SMS message handling function. The vulnerability requires valid credentials but no user interaction, and public exploit code is available. Affected systems can suffer unauthorized command execution, data theft, and potential device compromise.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Command injection in D-Link DWR-M961 firmware through the /boafrm/formLtefotaUpgradeFibocom endpoint allows authenticated remote attackers to execute arbitrary commands by manipulating the fota_url parameter. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Command injection in D-Link DWR-M961 firmware (version 1.1.47) allows unauthenticated remote attackers to execute arbitrary commands through the fota_url parameter in the LTE firmware upgrade function. Public exploit code exists for this vulnerability, which requires low privileges but no user interaction to exploit. No patch is currently available for affected devices.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

D-Link DIR-823X routers are vulnerable to remote command injection through the lan_gateway parameter in the /goform/set_mode function, allowing authenticated attackers to execute arbitrary OS commands. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from the vendor. The attack requires network access and valid credentials but has a low CVSS score of 6.3 due to limited impact scope.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. [CVSS 2.4 LOW]

D-Link Path Traversal File Upload
NVD VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Unauthenticated remote attackers can inject arbitrary OS commands through the MAC filter configuration parameter in D-Link DIR-615 firmware version 4.10 and potentially earlier versions. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from D-Link. Successful exploitation grants complete system compromise with high impact to confidentiality, integrity, and availability.

D-Link PHP Command Injection +1
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

Command injection in D-Link DIR-615 firmware via the /set_temp_nodes.php URL Filter component allows unauthenticated remote attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, which affects legacy unsupported devices with a 7.2 CVSS score and no available patch.

D-Link PHP Command Injection +1
NVD VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in D-Link DIR-615 firmware through os command injection via the ipaddr parameter in the Web Management Interface allows unauthenticated remote attackers to execute arbitrary commands. The vulnerability affects unsupported firmware versions up to 4.10, and public exploit code is available. No patch has been released by the vendor.

D-Link PHP Command Injection +1
NVD VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

Dcs-700L Firmware versions up to 1.03.09 contains a vulnerability that allows attackers to command injection (CVSS 4.7).

D-Link Command Injection
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

D-Link D-View 8 installer versions 2.0.1.107 and below are vulnerable to DLL preloading attacks that execute with administrator privileges when a user approves a UAC prompt. An attacker can place a malicious version.dll file in the installer directory to achieve arbitrary code execution with system-level access. This vulnerability affects users installing or updating D-View 8 on Windows systems.

D-Link D View 8
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

D-Link D-View 8 versions 2.0.1.107 and below allow authenticated users to bypass access controls on backend API endpoints and retrieve credential data for arbitrary accounts, including administrators. An attacker can leverage exposed credentials to directly authenticate as any user and gain full administrative control over the D-View system. A patch is available to address this high-severity improper access control vulnerability.

D-Link D View 8
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Dir-823X Firmware versions up to 250126 contains a vulnerability that allows attackers to command injection (CVSS 7.3).

D-Link Command Injection
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-895L router has command injection in the DHCP daemon via the hostname parameter during lease renewal. Any device requesting a DHCP lease with a malicious hostname achieves root code execution on the router. PoC available.

D-Link Command Injection Dir 895la1 Firmware
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in D-Link DI-8200G firmware version 17.12.20A1 via the /upgrade_filter.asp path parameter allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and valid credentials but no user interaction.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Dir-605L Firmware versions up to 6.02cn02 is affected by missing authentication for critical function (CVSS 6.8).

D-Link Dir 605l Firmware
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL Act Now

Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality.

D-Link Authentication Bypass
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in the SSDP Request Handler (ssdpcgi_main function) of D-Link DIR-806A firmware 100CNb11 allows remote authenticated attackers to execute arbitrary commands with low integrity and availability impact. Publicly available exploit code exists, but the vulnerability affects only end-of-life firmware with minimal real-world exploitation probability (EPSS 0.11%) due to low privilege requirements and limited scope of impact.

Command Injection D-Link Dir 806A Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used.

Command Injection D-Link Di 7400G Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

D-Link Path Traversal Dcs 850L Firmware
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in D-Link DWR-M920 firmware up to version 1.1.50 allows authenticated remote attackers to execute arbitrary commands via the fota_url parameter in the /boafrm/formLtefotaUpgradeQuectel endpoint. Public exploit code is available, though EPSS exploitation probability remains low at 0.20% percentile, suggesting limited real-world exploitation despite proof-of-concept availability.

Command Injection D-Link Dwr M920 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

Command Injection D-Link Dwr M920 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection D-Link
NVD GitHub VulDB
EPSS 1% CVSS 2.1
LOW POC Monitor

A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

Command Injection D-Link
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd.

Command Injection R15 Firmware D-Link
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in D-Link DIR-852 1.00.cgi. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A weakness has been identified in D-Link DWR-M920 1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dwr M920 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was found in D-Link DIR-822K 1.00. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware +1
NVD GitHub VulDB
EPSS 1% CVSS 7.3
HIGH POC This Month

D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE +1
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 825M Firmware +4
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 825M Firmware +4
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta.cgi. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816L Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816L Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816L Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.9
HIGH POC This Week

A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816L Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 878 Firmware
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM POC This Month

A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 878 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 878 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Week

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Week

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `librcm.so` binaries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
EPSS 1% CVSS 7.3
HIGH POC This Month

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
EPSS 1% CVSS 7.3
HIGH POC This Month

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
EPSS 13% CVSS 9.3
CRITICAL Act Now

D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.2% and no vendor patch available.

D-Link Command Injection Dir 1260 Firmware
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Cloudlink +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Cloudlink +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink. Rated medium severity (CVSS 5.3). No vendor patch available.

Dell Command Injection Cloudlink +1
NVD
EPSS 0% CVSS 9.1
CRITICAL This Week

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Privilege Escalation Cloudlink +1
NVD
EPSS 0% CVSS 8.4
HIGH This Month

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Cloudlink +1
NVD
EPSS 0% CVSS 9.1
CRITICAL This Week

Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Authentication Bypass +2
NVD
EPSS 1% CVSS 8.4
HIGH This Month

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Cloudlink +1
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in D-Link DI-7001 MINI firmware versions 19.09.19A1 and 24.04.18B1 allows authenticated remote attackers to execute arbitrary commands via the cmd parameter in /msp_info.htm. The vulnerability has a public exploit available, though the extremely low CVSS score (2.1) and EPSS percentile (24th) indicate limited real-world exploitability despite network accessibility, as exploitation requires valid login credentials and results in low-impact information disclosure rather than system compromise.

Command Injection D-Link Di 7001Mini 8G Firmware
NVD GitHub VulDB
Prev Page 3 of 16 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy