493
CVEs
63
Critical
232
High
1
KEV
342
PoC
289
Unpatched C/H
2.2%
Patch Rate
0.9%
Avg EPSS
Severity Breakdown
CRITICAL
63
HIGH
232
MEDIUM
116
LOW
82
Monthly CVE Trend
Affected Products (30)
Dir 513 Firmware
34
Dir 619l Firmware
28
Dir 816 Firmware
26
Dwr M960 Firmware
22
Dir 823x Firmware
18
Dir 605l Firmware
17
PHP
13
Di 7003G Firmware
11
Di 8100 Firmware
10
Dwr M920 Firmware
10
Dir 600L Firmware
9
Dsl 7740C Firmware
9
Cloudlink
8
Dir 618 Firmware
8
Dir 853 Firmware
7
Dsl 3782 Firmware
7
Dcs 932l Firmware
6
Dir 825 Firmware
6
Dir 816L Firmware
6
Dir 822K Firmware
6
Dir 615 Firmware
5
Dir 878 Firmware
5
Dap 2695 Firmware
4
Dnr 326
4
Dap 1620 Firmware
4
Dir 823G Firmware
4
Dns 1100 4
4
Dns 120
4
Dir 882 Firmware
4
Dnr 202l
4
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2024-57045 | A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 74.5%. | CRITICAL | 9.8 | 74.5% | 144 |
PoC
No patch
|
| CVE-2025-29635 | A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.2 | 1.6% | 108 |
KEV
PoC
No patch
|
| CVE-2025-29040 | An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.2% | 76 |
PoC
No patch
|
| CVE-2025-29041 | An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.2% | 76 |
PoC
No patch
|
| CVE-2025-29042 | An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.2% | 76 |
PoC
No patch
|
| CVE-2025-29043 | An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.2% | 76 |
PoC
No patch
|
| CVE-2025-25742 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the AccountPassword parameter in the SetSysEmailSettings module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 4.2% | 73 |
PoC
No patch
|
| CVE-2025-69542 | D-Link DIR-895L router has command injection in the DHCP daemon via the hostname parameter during lease renewal. Any device requesting a DHCP lease with a malicious hostname achieves root code execution on the router. PoC available. | CRITICAL | 9.8 | 1.5% | 71 |
PoC
No patch
|
| CVE-2025-45931 | An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file | CRITICAL | 9.8 | 1.5% | 70 |
PoC
No patch
|
| CVE-2025-25744 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetDynamicDNSSettings module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 1.5% | 70 |
PoC
No patch
|
| CVE-2025-25746 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetWanSettings module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 1.5% | 70 |
PoC
No patch
|
| CVE-2025-5623 | Critical stack-based buffer overflow vulnerability in D-Link DIR-816 1.10CNB05 affecting the qosClassifier function's dip_address/sip_address parameters. This unauthenticated, remotely exploitable flaw allows attackers to achieve complete system compromise (confidentiality, integrity, and availability impact). The vulnerability affects end-of-life products no longer receiving vendor support, with public exploit disclosure and confirmed proof-of-concept availability increasing real-world exploitation risk. | CRITICAL | 9.8 | 1.0% | 70 |
PoC
No patch
|
| CVE-2025-5624 | Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the QoSPortSetup function. An unauthenticated remote attacker can exploit this vulnerability by manipulating port0_group, port0_remarker, ssid0_group, or ssid0_remarker parameters to achieve arbitrary code execution, complete system compromise (confidentiality, integrity, availability), and full device takeover. Public exploit code has been disclosed, increasing real-world exploitation risk significantly. | CRITICAL | 9.8 | 0.7% | 70 |
PoC
No patch
|
| CVE-2025-5630 | Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the /goform/form2lansetup.cgi endpoint. An unauthenticated remote attacker can exploit this vulnerability by manipulating the 'ip' parameter to achieve complete system compromise including data exfiltration, integrity violation, and denial of service. The vulnerability has public exploit code available and affects end-of-life products no longer receiving vendor support. | CRITICAL | 9.8 | 0.7% | 70 |
PoC
No patch
|
| CVE-2025-7206 | A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub_410DDC of the file switch_language.cgi of the component httpd. The manipulation of the argument Language leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | CRITICAL | 9.8 | 0.5% | 70 |
PoC
No patch
|