Skip to main content

D-Link

Vendor security scorecard – 336 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 3087
336
CVEs
43
Critical
166
High
0
KEV
246
PoC
204
Unpatched C/H
2.1%
Patch Rate
1.0%
Avg EPSS

Severity Breakdown

CRITICAL
43
HIGH
166
MEDIUM
48
LOW
79

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2013-10069 The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.7%. CRITICAL 10.0 71.7% 142
PoC No patch
CVE-2013-10048 An OS command injection vulnerability exists in various legacy D-Link routers-including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)-due to improper input handling in the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 59.8%. CRITICAL 9.3 59.8% 141
PoC No patch
CVE-2013-10050 An OS command injection vulnerability exists in multiple D-Link routers-confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)-via the authenticated tools_vct.xgi CGI endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 61.9%. HIGH 8.7 61.9% 140
PoC No patch
CVE-2013-10059 An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.8%. HIGH 8.6 50.8% 129
PoC No patch
CVE-2018-25115 Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 10.0 1.6% 72
PoC No patch
CVE-2025-69542 D-Link DIR-895L router has command injection in the DHCP daemon via the hostname parameter during lease renewal. Any device requesting a DHCP lease with a malicious hostname achieves root code execution on the router. PoC available. CRITICAL 9.8 1.5% 71
PoC No patch
CVE-2026-3485 Command injection in D-Link DIR-868L via SSDP service. PoC available. CRITICAL 9.8 0.4% 69
PoC No patch
CVE-2025-70231 Path traversal in D-Link DIR-513 verification code processing. PoC available. CRITICAL 9.8 0.1% 69
PoC No patch
CVE-2025-46108 D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup. [CVSS 9.8 CRITICAL] CRITICAL 9.8 0.1% 69
PoC No patch
CVE-2025-70218 Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvFirewall. Part of a family of 15+ critical buffer overflows in this router. CRITICAL 9.8 0.1% 69
PoC No patch
CVE-2025-70220 Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. Part of a family of 15+ critical buffer overflows in this router. CRITICAL 9.8 0.1% 69
PoC No patch
CVE-2025-70223 Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. Part of a family of 15+ critical buffer overflows in this router. CRITICAL 9.8 0.1% 69
PoC No patch
CVE-2025-70226 Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. Part of a family of 15+ critical buffer overflows in this router. CRITICAL 9.8 0.1% 69
PoC No patch
CVE-2025-70219 Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formDeviceReboot. Part of a family of 15+ critical buffer overflows in this router. CRITICAL 9.8 0.1% 69
PoC No patch
CVE-2025-70221 Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. Part of a family of 15+ critical buffer overflows in this router. CRITICAL 9.8 0.1% 69
PoC No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy