D-Link

Vendor security scorecard – 225 CVEs in the selected period

Period: 30d 90d 6m 1y All

Risk 2135

225

CVEs

30

Critical

133

High

0

KEV

160

PoC

157

Unpatched C/H

3.6%

Patch Rate

0.1%

Avg EPSS

Severity Breakdown

CRITICAL

30

HIGH

133

MEDIUM

55

LOW

6

Monthly CVE Trend

Affected Products (30)

Command Injection 137 Stack Overflow 60 Dir 823x Firmware 37 Dir 513 Firmware 34 Dir 619l Firmware 28 Dir 816 Firmware 26 Dwr M960 Firmware 22 Dir 605l Firmware 17 PHP 15 Dnr 202l 11 Dnr 322l 11 Dns 327l 11 Dns 315l 11 Dnr 326 11 Dns 1200 05 11 Di 7003G Firmware 11 Dns 345 11 Dns 1550 04 11 Dns 326 11 Dns 320lw 11 Dns 340l 11 Dns 325 11 Dns 321 11 Dns 1100 4 11 Dns 120 11 Dns 343 11 Dns 320 11 Dns 320l 11 Dns 323 11 Dns 726 4 11

Top Risky CVEs

CVE	Summary	Severity	CVSS	EPSS	Priority	Signals
CVE-2025-69542	D-Link DIR-895L router has command injection in the DHCP daemon via the hostname parameter during lease renewal. Any device requesting a DHCP lease with a malicious hostname achieves root code execution on the router. PoC available.	CRITICAL	9.8	1.5%	71	PoC No patch
CVE-2026-3485	Command injection in D-Link DIR-868L via SSDP service. PoC available.	CRITICAL	9.8	0.4%	69	PoC No patch
CVE-2025-70231	Path traversal in D-Link DIR-513 verification code processing. PoC available.	CRITICAL	9.8	0.1%	69	PoC No patch
CVE-2025-46108	D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup. [CVSS 9.8 CRITICAL]	CRITICAL	9.8	0.1%	69	PoC No patch
CVE-2025-70218	Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvFirewall. Part of a family of 15+ critical buffer overflows in this router.	CRITICAL	9.8	0.1%	69	PoC No patch
CVE-2025-70220	Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. Part of a family of 15+ critical buffer overflows in this router.	CRITICAL	9.8	0.1%	69	PoC No patch
CVE-2025-70223	Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. Part of a family of 15+ critical buffer overflows in this router.	CRITICAL	9.8	0.1%	69	PoC No patch
CVE-2025-70226	Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. Part of a family of 15+ critical buffer overflows in this router.	CRITICAL	9.8	0.1%	69	PoC No patch
CVE-2025-70219	Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formDeviceReboot. Part of a family of 15+ critical buffer overflows in this router.	CRITICAL	9.8	0.1%	69	PoC No patch
CVE-2025-70221	Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. Part of a family of 15+ critical buffer overflows in this router.	CRITICAL	9.8	0.1%	69	PoC No patch
CVE-2025-70225	Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWWConfig. Part of a family of 15+ critical buffer overflows in this router.	CRITICAL	9.8	0.1%	69	PoC No patch
CVE-2025-70222	Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode. Part of a family of 15+ critical buffer overflows in this router.	CRITICAL	9.8	0.1%	69	PoC No patch
CVE-2025-70229	Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule. Part of a family of 15+ critical buffer overflows in this router.	CRITICAL	9.8	0.1%	69	PoC No patch
CVE-2025-70230	Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS. Part of a family of 15+ critical buffer overflows in this router.	CRITICAL	9.8	0.1%	69	PoC No patch
CVE-2025-70232	Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter. Part of a family of 15+ critical buffer overflows in this router.	CRITICAL	9.8	0.1%	69	PoC No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy