Filtered by vendor Dlink
Subscribe
Total
1670 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-11665 | 1 Dlink | 2 Dap-2695, Dap-2695 Firmware | 2025-11-03 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdater_main of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os command injection. The attack may be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-26258 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2025-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. | |||||
| CVE-2024-0769 | 1 Dlink | 2 Dir-859, Dir-859 Firmware | 2025-10-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251666 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2024-3273 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more | 2025-10-30 | 7.5 HIGH | 7.3 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2024-3272 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more | 2025-10-30 | 10.0 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2025-34253 | 1 Dlink | 1 Nuclias Connect | 2025-10-30 | N/A | 5.4 MEDIUM |
| D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject arbitrary JavaScript to be executed in the context of other users viewing the profile entry. NOTE: D-Link states that a fix is under development. | |||||
| CVE-2025-34254 | 1 Dlink | 1 Nuclias Connect | 2025-10-30 | N/A | 5.3 MEDIUM |
| D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the `error.message`string value, an unauthenticated remote attacker can enumerate valid usernames/accounts on the server. NOTE: D-Link states that a fix is under development. | |||||
| CVE-2025-34255 | 1 Dlink | 1 Nuclias Connect | 2025-10-30 | N/A | 5.3 MEDIUM |
| D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses differ in the `data.exist` boolean value, an unauthenticated remote attacker can enumerate valid email addresses/accounts on the server. NOTE: D-Link states that a fix is under development. | |||||
| CVE-2025-61577 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-10-29 | N/A | 7.5 HIGH |
| D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuser parameter in the dir_setWanWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2025-60566 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter. | |||||
| CVE-2025-60568 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall. | |||||
| CVE-2025-60569 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute. | |||||
| CVE-2025-60570 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery. | |||||
| CVE-2025-60571 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
| D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS. | |||||
| CVE-2025-60572 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork. | |||||
| CVE-2025-60547 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7. | |||||
| CVE-2025-60548 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 9.8 CRITICAL |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings. | |||||
| CVE-2025-60549 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4. | |||||
| CVE-2025-60550 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone. | |||||
| CVE-2025-60551 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 7.5 HIGH |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot. | |||||