Vulnerabilities (CVE)

Vendor filter

D-link Subscribe

Filter

195 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-3193 1 D-link 1 Dir-850l Firmware 2019-10-09 8.3
Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service.
CVE-2017-3192 1 D-link 2 Dir-130 Firmware, Dir-330 Firmware 2019-10-09 5.0
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote...
CVE-2017-3191 1 D-link 2 Dir-130 Firmware, Dir-330 Firmware 2019-10-09 5.0
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a...
CVE-2017-14424 1 D-link 1 Dir-850l Firmware 2019-10-03 2.1
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.
CVE-2018-17063 1 D-link 1 Dir-816 A2 Firmware 2019-10-03 10.0
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell...
CVE-2017-14418 1 D-link 1 Dir-850l Firmware 2019-10-03 4.3
The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services.
CVE-2018-10641 1 D-link 1 Dir-601 Firmware 2019-10-03 6.8
D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext.
CVE-2017-17020 1 D-link 3 Dcs-5009 Firmware, Dcs-5010 Firmware, Dcs-5020l Firmware 2019-10-03 6.5
On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web...
CVE-2018-12103 1 D-link 4 Dir-890l A2 Firmware, Dir-885l%2fr Firmware, Dir-890l Firmware and 1 more 2019-10-03 3.3
An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the...
CVE-2018-14081 1 D-link 3 Dir-809 A1 Firmware, Dir-809 A2 Firmware, Dir-809 Guestzone Firmware 2019-10-03 5.0
An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext.
CVE-2018-10824 1 D-link 8 Dir-140l Firmware, Dir-640l Firmware, Dwr-111 Firmware and 5 more 2019-10-03 5.0
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative...
CVE-2018-17786 1 D-link 1 Dir-823g Firmware 2019-10-03 7.5
On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code.
CVE-2018-17787 1 D-link 1 Dir-823g Firmware 2019-10-03 7.5
On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function.
CVE-2018-12710 1 D-link 1 Dir-601 Firmware 2019-10-03 2.7
An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due...
CVE-2018-19986 1 D-link 2 Dir-818lw Firmware, Dir-822 Firmware 2019-10-03 10.0
In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is...
CVE-2018-19987 1 D-link 6 Dir-818lw Firmware, Dir-822 Firmware, Dir-860l Firmware and 3 more 2019-10-03 10.0
D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the...
CVE-2018-16408 1 D-link 1 Dir-846 Firmware 2019-10-03 9.0
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access.
CVE-2017-14429 1 D-link 1 Dir-850l Firmware 2019-10-03 10.0
The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles...
CVE-2018-17064 1 D-link 1 Dir-816 A2 Firmware 2019-10-03 10.0
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp...
CVE-2018-19988 1 D-link 1 Dir-868l Firmware 2019-10-03 7.5
In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble...