Filtered by vendor Dlink
Subscriptions
Total
1435 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14414 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 6.1 Medium |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. | ||||
| CVE-2017-14413 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 6.1 Medium |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php. | ||||
| CVE-2017-14423 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 7.5 High |
| htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests. | ||||
| CVE-2017-15909 | 1 Dlink | 2 Dgs-1500, Dgs-1500 Firmware | 2025-04-20 | N/A |
| D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access. | ||||
| CVE-2015-7247 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2025-04-20 | N/A |
| D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2017-5874 | 2 D-link, Dlink | 2 Dir-600m Firmware, Dir-600m | 2025-04-20 | N/A |
| CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. | ||||
| CVE-2016-10181 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 7.5 High |
| An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests. | ||||
| CVE-2017-7851 | 2 D-link, Dlink | 2 Dcs-936l, Dcs-936l | 2025-04-20 | N/A |
| D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header. | ||||
| CVE-2014-7858 | 2 D-link, Dlink | 2 Dnr-326 Firmware, Dnr-326 | 2025-04-20 | N/A |
| The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. | ||||
| CVE-2016-10180 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 7.5 High |
| An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding. | ||||
| CVE-2016-10125 | 1 Dlink | 13 Dgs-1100-05, Dgs-1100-05pd, Dgs-1100-08 and 10 more | 2025-04-20 | N/A |
| D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. | ||||
| CVE-2016-10405 | 2 D-link, Dlink | 2 Dir-600l Firmware, Dir-600l | 2025-04-20 | N/A |
| Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2014-7857 | 2 D-link, Dlink | 14 Dnr-326 Firmware, Dns-320b Firmware, Dns-320l Firmware and 11 more | 2025-04-20 | N/A |
| D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin. | ||||
| CVE-2017-7398 | 2 D-link, Dlink | 2 Dir-615 Firmware, Dir-615 | 2025-04-20 | N/A |
| D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password. | ||||
| CVE-2017-9100 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2025-04-20 | 8.8 High |
| login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt. | ||||
| CVE-2016-10699 | 1 Dlink | 2 Dsl-2740e, Dsl-2740e Firmware | 2025-04-20 | N/A |
| D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs. | ||||
| CVE-2014-7859 | 2 D-link, Dlink | 10 Dnr-320l Firmware, Dnr-326 Firmware, Dns-320lw Firmware and 7 more | 2025-04-20 | N/A |
| Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values. | ||||
| CVE-2017-6206 | 1 Dlink | 7 Websmart Dgs-1510-20, Websmart Dgs-1510-28, Websmart Dgs-1510-28p and 4 more | 2025-04-20 | N/A |
| D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors. | ||||
| CVE-2016-10186 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 7.5 High |
| An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules. | ||||
| CVE-2016-10185 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 7.5 High |
| An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf. | ||||