1370
CVEs
393
Critical
613
High
20
KEV
995
PoC
964
Unpatched C/H
4.1%
Patch Rate
5.8%
Avg EPSS
Severity Breakdown
CRITICAL
393
HIGH
613
MEDIUM
274
LOW
90
Monthly CVE Trend
Affected Products (30)
PHP
94
Dir 619l Firmware
63
Dir 816 Firmware
62
Dir 823G Firmware
58
Dir 605l Firmware
56
Dir 878 Firmware
38
Dir 513 Firmware
34
Dns 320 Firmware
27
Dir 882 Firmware
26
Dns 320Lw Firmware
25
Dns 325 Firmware
25
Dns 327L Firmware
24
Dnr 326 Firmware
24
Dns 340L Firmware
24
Dar 7000 Firmware
23
Dns 320L Firmware
23
Dns 345 Firmware
22
Dnr 322L Firmware
22
Dir 850L Firmware
22
Dwr M960 Firmware
22
Dsl 3782 Firmware
22
Dns 726 4 Firmware
21
Dns 1100 4 Firmware
21
Dnr 202L Firmware
21
Dns 1200 05 Firmware
21
Dns 326 Firmware
21
Dns 315L Firmware
21
Dns 120 Firmware
21
Dns 321 Firmware
21
Dns 1550 04 Firmware
21
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2015-2051 | The D-Link DIR-645 Wired/Wireless Router Rev. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 8.8 | 93.0% | 222 |
KEV
PoC
No patch
|
| CVE-2015-1187 | The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | CRITICAL | 9.8 | 81.2% | 215 |
KEV
PoC
No patch
|
| CVE-2022-26258 | D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | CRITICAL | 9.8 | 81.2% | 200 |
KEV
PoC
No patch
|
| CVE-2014-3936 | Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.3%. | CRITICAL | 10.0 | 84.3% | 169 |
PoC
No patch
|
| CVE-2014-100005 | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 8.0 | 40.8% | 166 |
KEV
PoC
|
| CVE-2015-2049 | Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.9%. | CRITICAL | 9.0 | 82.9% | 163 |
PoC
No patch
|
| CVE-2017-12943 | D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.8%. | CRITICAL | 9.8 | 81.8% | 151 |
PoC
No patch
|
| CVE-2013-7389 | Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 92.2%. | MEDIUM | 4.3 | 92.2% | 149 |
PoC
|
| CVE-2015-7245 | Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.4%. | HIGH | 7.5 | 89.4% | 147 |
PoC
No patch
|
| CVE-2024-57045 | A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 74.5%. | CRITICAL | 9.8 | 74.5% | 144 |
PoC
No patch
|
| CVE-2013-10069 | The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.7%. | CRITICAL | 10.0 | 71.7% | 142 |
PoC
No patch
|
| CVE-2013-10048 | An OS command injection vulnerability exists in various legacy D-Link routers-including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)-due to improper input handling in the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 59.8%. | CRITICAL | 9.3 | 59.8% | 141 |
PoC
No patch
|
| CVE-2013-10050 | An OS command injection vulnerability exists in multiple D-Link routers-confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)-via the authenticated tools_vct.xgi CGI endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 61.9%. | HIGH | 8.7 | 61.9% | 140 |
PoC
No patch
|
| CVE-2021-42627 | The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.4%. | CRITICAL | 9.8 | 67.4% | 136 |
PoC
No patch
|
| CVE-2013-5223 | Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | MEDIUM | 5.4 | 35.5% | 132 |
KEV
PoC
No patch
|