Filtered by vendor Dlink
Subscriptions
Total
1694 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4927 | 3 Acme, Dlink, Netgear | 5 Micro Httpd, Dsl2740u, Dsl2750u and 2 more | 2025-04-12 | N/A |
| Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request. | ||||
| CVE-2023-44415 | 1 Dlink | 4 Dir-1260, Dir-1260 Firmware, Dir-2150 and 1 more | 2025-04-11 | 8.0 High |
| D-Link Multiple Routers cli Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1260 and DIR-2150 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19946. | ||||
| CVE-2013-7005 | 1 Dlink | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2025-04-11 | N/A |
| D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii. | ||||
| CVE-2013-5946 | 1 Dlink | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2025-04-11 | N/A |
| The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section. | ||||
| CVE-2013-6026 | 3 Alphanetworks, Dlink, Planex | 13 Vdsl Asl-55052, Vdsl Asl-56552, Di-524up and 10 more | 2025-04-11 | N/A |
| The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013. | ||||
| CVE-2013-5998 | 1 Dlink | 2 Des-3800, Des-3800 Firmware | 2025-04-11 | N/A |
| Unspecified vulnerability in the Web manager implementation on D-Link Japan DES-3800 devices with firmware before R4.50B58 allows remote attackers to cause a denial of service (device hang) via unknown vectors, a different vulnerability than CVE-2013-5997. | ||||
| CVE-2013-5997 | 1 Dlink | 2 Des-3800, Des-3800 Firmware | 2025-04-11 | N/A |
| Unspecified vulnerability in the SSH implementation on D-Link Japan DES-3800 devices with firmware before R4.50B58 allows remote authenticated users to cause a denial of service (device hang) via unknown vectors, a different vulnerability than CVE-2013-5998. | ||||
| CVE-2013-4707 | 1 Dlink | 2 Des-3810, Des-3810 Firmware | 2025-04-11 | N/A |
| The SSH implementation on D-Link Japan DES-3810 devices with firmware before R2.20.011 allows remote authenticated users to cause a denial of service (device hang) by leveraging login access. | ||||
| CVE-2012-4046 | 1 Dlink | 2 Dcs-932l, Dcs-932l Firmware | 2025-04-11 | N/A |
| The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value. | ||||
| CVE-2012-1308 | 1 Dlink | 2 Dsl-2640b, Dsl-2640b Firmware | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. | ||||
| CVE-2013-4706 | 1 Dlink | 2 Dwl-2100ap, Dwl-2100ap Firmware | 2025-04-11 | N/A |
| The SSH implementation on the D-Link Japan DWL-2100AP with firmware before R252JP-RC572 allows remote authenticated users to cause a denial of service (reboot) by leveraging login access. | ||||
| CVE-2010-4964 | 1 Dlink | 2 Dcs-2121, Dcs-2121 Firmware | 2025-04-11 | N/A |
| recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability. | ||||
| CVE-2013-7308 | 1 Dlink | 2 Des-3810-28, Des-3810-28 Firmware | 2025-04-11 | N/A |
| The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | ||||
| CVE-2013-2271 | 1 Dlink | 2 Dsl-2740b, Dsl-2740b Firmware | 2025-04-11 | N/A |
| The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi. | ||||
| CVE-2012-5306 | 1 Dlink | 2 Camera Stream Client Activex Control, Dcs-5605 Ptz Ip Network Camera | 2025-04-11 | N/A |
| Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string argument. | ||||
| CVE-2012-5319 | 1 Dlink | 3 Dcs-2000, Dcs-5300, Dcs-900 | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter. | ||||
| CVE-2010-4965 | 1 Dlink | 2 Dcs-2121, Dcs-2121 Firmware | 2025-04-11 | N/A |
| /etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server. | ||||
| CVE-2011-3992 | 1 Dlink | 6 Des-3800, Des-3800 Firmware, Dwl-2100ap and 3 more | 2025-04-11 | N/A |
| Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. | ||||
| CVE-2013-6027 | 1 Dlink | 1 Dir-100 | 2025-04-11 | N/A |
| Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi. | ||||
| CVE-2013-7004 | 1 Dlink | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2025-04-11 | N/A |
| D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username. | ||||