Filtered by vendor D-link
Subscriptions
Total
230 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7357 | 2 D-link, Dlink | 3 Dir-600, Dir-600, Dir-600 Firmware | 2025-07-16 | 6.3 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2025-45784 | 1 D-link | 4 Dph-400s, Dph-400s Firmware, Dph-400se and 1 more | 2025-06-26 | 9.8 Critical |
| D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary. | ||||
| CVE-2023-32167 | 2 D-link, Dlink | 2 D-view, D-view 8 | 2025-06-04 | 6.5 Medium |
| D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability. This vulnerability allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadMib function. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create or delete files in the context of SYSTEM. . Was ZDI-CAN-19529. | ||||
| CVE-2024-48150 | 2 D-link, Dlink | 3 Dir-820l, Dir-820l, Dir-820l Firmware | 2025-05-21 | 9.8 Critical |
| D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function. | ||||
| CVE-2024-44411 | 2 D-link, Dlink | 3 Di-8300, Di-8300, Di-8300 Firmware | 2025-05-21 | 9.8 Critical |
| D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. | ||||
| CVE-2024-34950 | 2 D-link, Dlink | 3 Dir-822, Dir-822\+, Dir-822\+ Firmware | 2025-05-21 | 7.5 High |
| D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module. | ||||
| CVE-2024-33112 | 2 D-link, Dlink | 3 Dir-845l, Dir-845l, Dir-845l Firmware | 2025-05-21 | 7.5 High |
| D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func. | ||||
| CVE-2024-33345 | 2 D-link, Dlink | 3 Dir-823g, Dir-823g, Dir-823g Firmware | 2025-05-21 | 6.5 Medium |
| D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-33344 | 2 D-link, Dlink | 3 Dir-822, Dir-822\+, Dir-822\+ Firmware | 2025-05-21 | 9.8 Critical |
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell. | ||||
| CVE-2024-33342 | 2 D-link, Dlink | 3 Dir-822, Dir-822\+, Dir-822\+ Firmware | 2025-05-21 | 7.5 High |
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. | ||||
| CVE-2023-35757 | 2 D-link, Dlink | 3 Dap-2622, Dap-2622, Dap-2622 Firmware | 2025-05-19 | 8.8 High |
| D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20085. | ||||
| CVE-2023-32137 | 2 D-link, Dlink | 6 Dap-1360f1 Firmware, Dap-2020 Firmware, Dap-1360 and 3 more | 2025-05-16 | 6.5 Medium |
| D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. . Was ZDI-CAN-18415. | ||||
| CVE-2023-32138 | 2 D-link, Dlink | 5 Dap-1360, Dap-1360, Dap-1360 Firmware and 2 more | 2025-05-16 | 8.8 High |
| D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18416. | ||||
| CVE-2023-32139 | 2 D-link, Dlink | 5 Dap-1360, Dap-1360, Dap-1360 Firmware and 2 more | 2025-05-16 | 8.8 High |
| D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18417. | ||||
| CVE-2023-32141 | 2 D-link, Dlink | 6 Dap-1360, Dap-2020, Dap-1360 and 3 more | 2025-05-16 | 8.8 High |
| D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the getpage and errorpage parameters, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18419. | ||||
| CVE-2023-32142 | 2 D-link, Dlink | 5 Dap-1360f1 Firmware, Dap-1360, Dap-1360 Firmware and 2 more | 2025-05-16 | 8.8 High |
| D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the var:page parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18422. | ||||
| CVE-2023-32145 | 2 D-link, Dlink | 5 Dap-1360, Dap-1360, Dap-1360 Firmware and 2 more | 2025-05-16 | 8.8 High |
| D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the web-based user interface. The firmware contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-18455. | ||||
| CVE-2023-35730 | 2 D-link, Dlink | 3 Dap-2622, Dap-2622, Dap-2622 Firmware | 2025-05-13 | 8.8 High |
| D-Link DAP-2622 DDP Reset Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20057. | ||||
| CVE-2023-35731 | 2 D-link, Dlink | 3 Dap-2622, Dap-2622, Dap-2622 Firmware | 2025-05-13 | 8.8 High |
| D-Link DAP-2622 DDP Reset Factory Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20058. | ||||
| CVE-2023-35740 | 2 D-link, Dlink | 3 Dap-2622, Dap-2622, Dap-2622 Firmware | 2025-05-13 | 8.8 High |
| D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20067. | ||||