Search Results (1784 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-44201 1 Dlink 2 Dir-823g, Dir-823g Firmware 2025-04-29 9.8 Critical
D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.
CVE-2022-44808 1 Dlink 2 Dir-823g, Dir-823g Firmware 2025-04-25 9.8 Critical
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability.
CVE-2025-29043 1 Dlink 2 Dir-823x, Dir-823x Firmware 2025-04-25 9.8 Critical
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234
CVE-2025-29042 1 Dlink 2 Dir-823x, Dir-823x Firmware 2025-04-25 9.8 Critical
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c
CVE-2025-29039 1 Dlink 2 Dir-823x, Dir-823x Firmware 2025-04-25 7.2 High
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8
CVE-2022-44930 1 Dlink 2 Dhp-w310av, Dhp-w310av Firmware 2025-04-24 9.8 Critical
D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.
CVE-2022-44832 1 Dlink 2 Dir-3040, Dir-3040 Firmware 2025-04-22 9.8 Critical
D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.
CVE-2024-27655 1 Dlink 3 Dir-823 Firmware, Dir-823g, Dir-823g Firmware 2025-04-21 8.8 High
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.
CVE-2024-27656 1 Dlink 3 Dir-823 Firmware, Dir-823g, Dir-823g Firmware 2025-04-21 8.8 High
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.
CVE-2024-27657 1 Dlink 3 Dir-823 Firmware, Dir-823g, Dir-823g Firmware 2025-04-21 8.8 High
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.
CVE-2024-27658 1 Dlink 3 Dir-823 Firmware, Dir-823g, Dir-823g Firmware 2025-04-21 6.5 Medium
D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2017-6206 1 Dlink 7 Websmart Dgs-1510-20, Websmart Dgs-1510-28, Websmart Dgs-1510-28p and 4 more 2025-04-20 N/A
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors.
CVE-2017-6205 1 Dlink 7 Websmart Dgs-1510-20, Websmart Dgs-1510-28, Websmart Dgs-1510-28p and 4 more 2025-04-20 N/A
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors.
CVE-2017-6190 1 Dlink 3 Dwr-116, Dwr-116 Firmware, Dwr-116a1 2025-04-20 N/A
Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.
CVE-2016-10178 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 9.8 Critical
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.
CVE-2015-7246 2 D-link, Dlink 2 Dvg-n5402sp Firmware, Dvg-n5402sp 2025-04-20 N/A
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.
CVE-2017-3192 2 D-link, Dlink 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more 2025-04-20 N/A
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.
CVE-2017-3191 2 D-link, Dlink 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more 2025-04-20 N/A
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.
CVE-2017-7406 1 Dlink 1 Dir-615 2025-04-20 9.8 Critical
The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic.
CVE-2017-7405 1 Dlink 1 Dir-615 2025-04-20 9.8 Critical
On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials.