3
CVEs
1
Critical
1
High
0
KEV
2
PoC
2
Unpatched C/H
0.0%
Patch Rate
0.7%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
1
MEDIUM
1
LOW
0
Monthly CVE Trend
Affected Products (30)
PHP
94
Dir 619l Firmware
63
Dir 816 Firmware
62
Dir 823G Firmware
58
Dir 605l Firmware
56
Dir 878 Firmware
38
Dir 513 Firmware
34
Dns 320 Firmware
27
Dir 882 Firmware
26
Dns 320Lw Firmware
25
Dns 325 Firmware
25
Dns 327L Firmware
24
Dnr 326 Firmware
24
Dns 340L Firmware
24
Dar 7000 Firmware
23
Dns 320L Firmware
23
Dns 345 Firmware
22
Dnr 322L Firmware
22
Dir 850L Firmware
22
Dwr M960 Firmware
22
Dsl 3782 Firmware
22
Dns 726 4 Firmware
21
Dns 1100 4 Firmware
21
Dnr 202L Firmware
21
Dns 1200 05 Firmware
21
Dns 326 Firmware
21
Dns 315L Firmware
21
Dns 120 Firmware
21
Dns 321 Firmware
21
Dns 1550 04 Firmware
21
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-13545 | OS command injection in the D-Link DCS-935L Wi-Fi network camera (firmware 1.10.01) lets a remote attacker inject arbitrary operating-system commands through the UID POST parameter handled by the sub_400E40 function in setconf.cgi. The CVSS 4.0 vector requires low privileges (PR:L), so an attacker needs some level of authenticated/session access, after which they gain full confidentiality, integrity, and availability impact on the device. Publicly available exploit code exists (disclosed via VulDB), though there is no public exploit identified as actively exploited in the wild. | HIGH | 7.4 | 1.6% | 59 |
PoC
No patch
|
| CVE-2026-15270 | Least-privilege violation in the D-Link DIR-823G router (firmware 1.0.2B05_20181207) stems from insecure configuration of the Boa web server via /etc/boa/boa.conf, allowing an authenticated remote attacker to abuse over-broad privileges to compromise confidentiality, integrity, and availability. Publicly available exploit code exists, but the CVSS 4.0 vector rates attack complexity high (AC:H) and vendor guidance notes exploitation is difficult; there is no public exploit identified as actively exploited (not in CISA KEV). EPSS data was not supplied, but the low-privilege network vector combined with full CIA impact makes this a meaningful risk on exposed devices. | MEDIUM | 6.8 | 0.4% | 54 |
PoC
No patch
|
| CVE-2026-52533 | Privilege escalation in D-Link DIR-1253 firmware v1.0.1.250923.142435 stems from improper handling of the /etc/shadow file - the store of hashed local credentials - letting an attacker obtain or elevate to root-level access on the device. Publicly available exploit code exists (referenced via the zuh.re/codeberg advisory), but there is no public exploit identified as actively exploited and the CVE is not on the CISA KEV list. The published CVSS of 9.8 (AV:N) appears optimistic given that the core issue centers on a local system credential file, so the true remote-unauthenticated reach should be verified against the vendor advisory. | CRITICAL | 9.8 | 0.2% | 49 |
No patch
|