Search Results (1786 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-36786 1 Dlink 2 Dsl-224, Dsl-224 Firmware 2025-04-29 9.9 Critical
DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router.
CVE-2022-36785 1 Dlink 2 G Integrated Access Device4, G Integrated Access Device4 Firmware 2025-04-29 7.5 High
D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A. The window.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ; "admin" – contains default username value "login.asp" B. While accessing the web interface, the login form at *Authorization Bypass – URL by "setupWizard.asp' while it blocks direct access to – the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a "login_glag" and "login_status" checking browser and to read the admin user credentials for the web interface.
CVE-2022-44201 1 Dlink 2 Dir-823g, Dir-823g Firmware 2025-04-29 9.8 Critical
D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.
CVE-2022-44808 1 Dlink 2 Dir-823g, Dir-823g Firmware 2025-04-25 9.8 Critical
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability.
CVE-2025-29043 1 Dlink 2 Dir-823x, Dir-823x Firmware 2025-04-25 9.8 Critical
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234
CVE-2025-29042 1 Dlink 2 Dir-823x, Dir-823x Firmware 2025-04-25 9.8 Critical
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c
CVE-2025-29039 1 Dlink 2 Dir-823x, Dir-823x Firmware 2025-04-25 7.2 High
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8
CVE-2022-44930 1 Dlink 2 Dhp-w310av, Dhp-w310av Firmware 2025-04-24 9.8 Critical
D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.
CVE-2022-44832 1 Dlink 2 Dir-3040, Dir-3040 Firmware 2025-04-22 9.8 Critical
D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.
CVE-2024-27655 1 Dlink 3 Dir-823 Firmware, Dir-823g, Dir-823g Firmware 2025-04-21 8.8 High
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.
CVE-2024-27656 1 Dlink 3 Dir-823 Firmware, Dir-823g, Dir-823g Firmware 2025-04-21 8.8 High
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.
CVE-2024-27657 1 Dlink 3 Dir-823 Firmware, Dir-823g, Dir-823g Firmware 2025-04-21 8.8 High
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.
CVE-2024-27658 1 Dlink 3 Dir-823 Firmware, Dir-823g, Dir-823g Firmware 2025-04-21 6.5 Medium
D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2016-10181 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 7.5 High
An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests.
CVE-2016-10179 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 7.5 High
An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.
CVE-2017-14413 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 6.1 Medium
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php.
CVE-2017-14428 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 7.8 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions.
CVE-2016-10180 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 7.5 High
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.
CVE-2017-3191 2 D-link, Dlink 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more 2025-04-20 N/A
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.
CVE-2017-14415 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 6.1 Medium
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php.