Skip to main content

D-Link

Vendor security scorecard – 1370 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 15371
1370
CVEs
393
Critical
613
High
20
KEV
995
PoC
964
Unpatched C/H
4.1%
Patch Rate
5.8%
Avg EPSS

Severity Breakdown

CRITICAL
393
HIGH
613
MEDIUM
274
LOW
90

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2015-2051 The D-Link DIR-645 Wired/Wireless Router Rev. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. HIGH 8.8 93.0% 222
KEV PoC No patch
CVE-2015-1187 The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. CRITICAL 9.8 81.2% 215
KEV PoC No patch
CVE-2022-26258 D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. CRITICAL 9.8 81.2% 200
KEV PoC No patch
CVE-2014-3936 Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.3%. CRITICAL 10.0 84.3% 169
PoC No patch
CVE-2014-100005 Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. HIGH 8.0 40.8% 166
KEV PoC
CVE-2015-2049 Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.9%. CRITICAL 9.0 82.9% 163
PoC No patch
CVE-2017-12943 D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.8%. CRITICAL 9.8 81.8% 151
PoC No patch
CVE-2013-7389 Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 92.2%. MEDIUM 4.3 92.2% 149
PoC
CVE-2015-7245 Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.4%. HIGH 7.5 89.4% 147
PoC No patch
CVE-2024-57045 A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 74.5%. CRITICAL 9.8 74.5% 144
PoC No patch
CVE-2013-10069 The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.7%. CRITICAL 10.0 71.7% 142
PoC No patch
CVE-2013-10048 An OS command injection vulnerability exists in various legacy D-Link routers-including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)-due to improper input handling in the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 59.8%. CRITICAL 9.3 59.8% 141
PoC No patch
CVE-2013-10050 An OS command injection vulnerability exists in multiple D-Link routers-confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)-via the authenticated tools_vct.xgi CGI endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 61.9%. HIGH 8.7 61.9% 140
PoC No patch
CVE-2021-42627 The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.4%. CRITICAL 9.8 67.4% 136
PoC No patch
CVE-2013-5223 Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. MEDIUM 5.4 35.5% 132
KEV PoC No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy