Vulnerabilities (CVE)

120 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-16057 1 Dlink 1 Dns-320 Firmware 2019-09-16 10.0
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
CVE-2019-16190 1 Dlink 3 Dir-868l Firmware, Dir-885l Firmware, Dir-895l Firmware 2019-09-11 7.5
SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php.
CVE-2019-10891 1 Dlink 1 Dir-806 Firmware 2019-09-09 10.0
D-Link DIR-806 devices allow remote attackers to execute arbitrary shell commands via a trailing substring of an HTTP header that has "SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/" at the beginning.
CVE-2019-10892 1 Dlink 1 Dir-806 Firmware 2019-09-09 10.0
hnap_main in /htdocs/cgibin on D-Link DIR-806 v1.0 devices has a stack-based buffer overflow via a long HTTP header that has "SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/" at the beginning.
CVE-2019-13482 1 Dlink 1 Dir-818lw Firmware 2019-08-27 9.0
An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings.
CVE-2019-15526 1 Dlink 1 Dir-823g Firmware 2019-08-27 9.0
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482.
CVE-2019-15527 1 Dlink 1 Dir-823g Firmware 2019-08-27 9.0
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings.
CVE-2019-15528 1 Dlink 1 Dir-823g Firmware 2019-08-27 9.0
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings.
CVE-2019-7736 1 Dlink 1 Dir-600m Firmware 2019-08-27 7.5
D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. NOTE: this may overlap CVE-2019-13101.
CVE-2019-15529 1 Dlink 1 Dir-823g Firmware 2019-08-27 9.0
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login.
CVE-2019-15530 1 Dlink 1 Dir-823g Firmware 2019-08-27 9.0
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login.
CVE-2019-13101 1 Dlink 1 Dir-600m Firmware 2019-08-15 7.5
An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify...
CVE-2019-14335 1 Dlink 2 6600-ap Firmware, Dwl-3600ap Firmware 2019-08-14 4.9
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated denial of service leading to the reboot of the AP via the admin.cgi?action=%s URI.
CVE-2019-14337 1 Dlink 2 6600-ap Firmware, Dwl-3600ap Firmware 2019-08-09 2.1
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the `/bin/sh -c wget` sequence.
CVE-2019-14336 1 Dlink 2 6600-ap Firmware, Dwl-3600ap Firmware 2019-08-09 2.1
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated dump of all of the config files through a certain admin.cgi?action= insecure HTTP request.
CVE-2019-1010155 1 Dlink 1 Dsl-2750u Firmware 2019-08-08 6.4
** DISPUTED ** D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issue as not being a vulnerability because although...
CVE-2019-6969 1 Dlink 1 Dva-5592 Firmware 2019-08-07 5.0
The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and the phone number (if VoIP is in use).
CVE-2019-6968 1 Dlink 1 Dva-5592 Firmware 2019-08-07 4.3
The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected.
CVE-2019-14333 1 Dlink 2 6600-ap Firmware, Dwl-3600ap Firmware 2019-08-05 4.9
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a pre-authenticated denial of service attack against the access point via a long action parameter to admin.cgi.
CVE-2019-14332 1 Dlink 2 6600-ap Firmware, Dwl-3600ap Firmware 2019-08-05 4.6
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is use of weak ciphers for SSH such as diffie-hellman-group1-sha1.