Search Results (1784 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-14421 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 9.8 Critical
D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session.
CVE-2016-10181 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 7.5 High
An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests.
CVE-2016-1558 1 Dlink 20 Dap-2230, Dap-2230 Firmware, Dap-2310 and 17 more 2025-04-20 N/A
Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie.
CVE-2016-10179 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 7.5 High
An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.
CVE-2016-10178 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 9.8 Critical
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.
CVE-2017-12943 1 Dlink 2 Dir-600 B1, Dir-600 B1 Firmware 2025-04-20 9.8 Critical
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.
CVE-2016-10182 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 9.8 Critical
An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters.
CVE-2016-10183 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 7.5 High
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.
CVE-2016-10125 1 Dlink 13 Dgs-1100-05, Dgs-1100-05pd, Dgs-1100-08 and 10 more 2025-04-20 N/A
D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session.
CVE-2017-6411 1 Dlink 2 Dsl-2730u, Dsl-2730u Firmware 2025-04-20 N/A
Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password.
CVE-2017-6206 1 Dlink 7 Websmart Dgs-1510-20, Websmart Dgs-1510-28, Websmart Dgs-1510-28p and 4 more 2025-04-20 N/A
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors.
CVE-2014-7860 2 D-link, Dlink 4 Dns-320l Firmware, Dns-327l Firmware, Dns-320l and 1 more 2025-04-20 N/A
The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token.
CVE-2017-6205 1 Dlink 7 Websmart Dgs-1510-20, Websmart Dgs-1510-28, Websmart Dgs-1510-28p and 4 more 2025-04-20 N/A
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors.
CVE-2017-6190 1 Dlink 3 Dwr-116, Dwr-116 Firmware, Dwr-116a1 2025-04-20 N/A
Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.
CVE-2022-46076 1 Dlink 4 Dir-869, Dir-869 Firmware, Dir-869ax and 1 more 2025-04-17 7.5 High
D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi.
CVE-2022-38873 1 Dlink 18 Dap-2310, Dap-2310 Firmware, Dap-2330 and 15 more 2025-04-17 7.5 High
D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-3662 v1.05rc047 and earlier allows attackers to cause a Denial of Service (DoS) via uploading a crafted firmware after modifying the firmware header.
CVE-2024-27662 1 Dlink 3 Dir-823 Firmware, Dir-823g, Dir-823g Firmware 2025-04-15 6.5 Medium
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-28395 1 Dlink 2 Di-8100, Di-8100 Firmware 2025-04-15 7.1 High
D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter.
CVE-2025-28398 1 Dlink 2 Di-8100, Di-8100 Firmware 2025-04-15 7.1 High
D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter.
CVE-2022-46642 1 Dlink 2 Dir-846, Dir-846 Firmware 2025-04-15 9.9 Critical
D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function.