Filtered by vendor Dlink
Subscribe
Total
1756 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-100005 | 1 Dlink | 2 Dir-600, Dir-600 Firmware | 2026-04-22 | 6.8 MEDIUM | 8.0 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. | |||||
| CVE-2013-5223 | 1 Dlink | 2 Dsl-2760u, Dsl-2760u Firmware | 2026-04-22 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl. | |||||
| CVE-2011-4723 | 1 Dlink | 2 Dir-300, Dir-300 Firmware | 2026-04-22 | 6.8 MEDIUM | 5.7 MEDIUM |
| The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-1187 | 2 Dlink, Trendnet | 30 Dir-626l, Dir-626l Firmware, Dir-636l and 27 more | 2026-04-21 | 10.0 HIGH | 9.8 CRITICAL |
| The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | |||||
| CVE-2006-3687 | 2 D-link, Dlink | 7 Di-604 Broadband Router, Di-784, Ebr-2310 Ethernet Broadband Router and 4 more | 2026-04-16 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. | |||||
| CVE-2004-0615 | 2 D-link, Dlink | 3 Di-614\+, Di-704p, Di-624 | 2026-04-16 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request. | |||||
| CVE-2002-1810 | 1 Dlink | 2 Dwl-900ap\+, Dwl-900ap\+ Firmware | 2026-04-16 | 7.5 HIGH | 7.5 HIGH |
| D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information. | |||||
| CVE-2005-4723 | 2 D-link, Dlink | 4 Di-524, Di-784, Di-524 and 1 more | 2026-04-16 | 5.0 MEDIUM | N/A |
| D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. | |||||
| CVE-2005-1827 | 1 Dlink | 2 Dsl-504t, Dsl-504t Firmware | 2026-04-16 | 7.5 HIGH | N/A |
| D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg. | |||||
| CVE-2005-1828 | 1 Dlink | 2 Dsl-504t, Dsl-504t Firmware | 2026-04-16 | 7.5 HIGH | 7.5 HIGH |
| D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2025-52222 | 1 Dlink | 18 Di-8003, Di-8003 Firmware, Di-8003g and 15 more | 2026-04-14 | N/A | 7.5 HIGH |
| D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, and rd_ip parameters in the radius_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-45057 | 1 Dlink | 2 Di-8300, Di-8300 Firmware | 2026-04-10 | N/A | 7.5 HIGH |
| D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2025-45058 | 1 Dlink | 2 Di-8300, Di-8300 Firmware | 2026-04-10 | N/A | 7.5 HIGH |
| D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2025-45059 | 1 Dlink | 2 Di-8300, Di-8300 Firmware | 2026-04-10 | N/A | 7.5 HIGH |
| D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2025-50667 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-10 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the iface parameter in the /wan_line_detection.asp endpoint. | |||||
| CVE-2025-50668 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-10 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the s parameter in the /web_list_opt.asp endpoint. | |||||
| CVE-2025-50669 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-10 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of the wan_ping parameter in the /wan_ping.asp endpoint. | |||||
| CVE-2025-50670 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-10 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_bwr.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in the name, qq, and time parameters. | |||||
| CVE-2025-50672 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-10 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /yyxz_dlink.asp endpoint. | |||||
| CVE-2025-50673 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-10 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the http_lanport parameter in the /webgl.asp endpoint. | |||||