Search Results (1785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-14659 2 D-link, Dlink 6 Dir-860lb1, Dir-868lb1, Dir-860l B1 and 3 more 2026-03-08 8.8 High
A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
CVE-2025-46108 1 Dlink 2 Dir-513, Dir-513 Firmware 2026-03-06 9.8 Critical
D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup.
CVE-2025-70218 1 Dlink 2 Dir-513, Dir-513 Firmware 2026-03-06 9.8 Critical
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component.
CVE-2025-70220 1 Dlink 2 Dir-513, Dir-513 Firmware 2026-03-06 9.8 Critical
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4.
CVE-2025-70223 1 Dlink 2 Dir-513, Dir-513 Firmware 2026-03-06 9.8 Critical
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork.
CVE-2025-70226 1 Dlink 2 Dir-513, Dir-513 Firmware 2026-03-06 9.8 Critical
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard.
CVE-2025-70219 1 Dlink 2 Dir-513, Dir-513 Firmware 2026-03-06 9.8 Critical
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot.
CVE-2025-70221 1 Dlink 2 Dir-513, Dir-513 Firmware 2026-03-06 9.8 Critical
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin.
CVE-2025-70225 1 Dlink 2 Dir-513, Dir-513 Firmware 2026-03-06 9.8 Critical
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfig component
CVE-2025-70222 1 Dlink 2 Dir-513, Dir-513 Firmware 2026-03-06 9.8 Critical
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode.
CVE-2025-70229 1 Dlink 2 Dir-513, Dir-513 Firmware 2026-03-06 9.8 Critical
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule.
CVE-2025-70230 1 Dlink 2 Dir-513, Dir-513 Firmware 2026-03-06 9.8 Critical
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS.
CVE-2025-70231 1 Dlink 2 Dir-513, Dir-513 Firmware 2026-03-06 9.8 Critical
D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability.
CVE-2025-70232 1 Dlink 2 Dir-513, Dir-513 Firmware 2026-03-06 9.8 Critical
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter.
CVE-2025-70233 1 Dlink 2 Dir-513, Dir-513 Firmware 2026-03-06 9.8 Critical
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard.
CVE-2025-70236 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-04 5.3 Medium
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter.
CVE-2026-1624 2 D-link, Dlink 3 Dwr-961, Dwr-m961, Dwr-m961 Firmware 2026-02-23 6.3 Medium
A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-69542 1 Dlink 2 Dir-895la1, Dir-895la1 Firmware 2026-02-10 9.8 Critical
A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP client renews an existing lease with a malicious hostname, arbitrary commands can be executed with root privileges.
CVE-2025-10666 2 D-link, Dlink 3 Dir-825, Dir-825, Dir-825 Firmware 2026-02-03 8.8 High
A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdown_time results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-65731 2 D-link, Dlink 3 Dir-605l, Dir-605l, Dir-605l Firmware 2026-01-30 6.8 Medium
An issue was discovered in D-Link Router DIR-605L (Hardware version F1; Firmware version: V6.02CN02) allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control.