Filtered by vendor Dlink
Subscribe
Total
1756 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2151 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2026-02-11 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file adv_firewall.php of the component DMZ Host Feature. Such manipulation of the argument dmz_ipaddr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-2152 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2026-02-11 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-2155 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-11 | 8.3 HIGH | 7.2 HIGH |
| A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-2157 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-11 | 8.3 HIGH | 7.2 HIGH |
| A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-2175 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-11 | 8.3 HIGH | 7.2 HIGH |
| A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420618 of the file /goform/set_upnp. This manipulation of the argument upnp_enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-2193 | 1 Dlink | 2 Di-7100g C1, Di-7100g C1 Firmware | 2026-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in D-Link DI-7100G C1 24.04.18D1. Affected by this issue is the function set_jhttpd_info. Performing a manipulation of the argument usb_username results in command injection. Remote exploitation of the attack is possible. | |||||
| CVE-2026-2210 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-11 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability has been found in D-Link DIR-823X 250416. This affects the function sub_4211C8 of the file /goform/set_filtering. Such manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-69542 | 1 Dlink | 2 Dir-895la1, Dir-895la1 Firmware | 2026-02-10 | N/A | 9.8 CRITICAL |
| A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP client renews an existing lease with a malicious hostname, arbitrary commands can be executed with root privileges. | |||||
| CVE-2026-2143 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-10 | 8.3 HIGH | 7.2 HIGH |
| A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-2142 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-10 | 8.3 HIGH | 7.2 HIGH |
| A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-2084 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-10 | 8.3 HIGH | 7.2 HIGH |
| A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2025-10666 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2026-02-03 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdown_time results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-1505 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2026-01-30 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /set_temp_nodes.php of the component URL Filter. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-1506 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2026-01-30 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /adv_mac_filter.php of the component MAC Filter Configuration. This manipulation of the argument mac causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-23755 | 1 Dlink | 1 D-view 8 | 2026-01-30 | N/A | 7.3 HIGH |
| D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full system compromise. | |||||
| CVE-2026-23754 | 1 Dlink | 1 D-view 8 | 2026-01-30 | N/A | 8.8 HIGH |
| D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credential material can be reused directly as a valid authentication secret, allowing full impersonation of the targeted account. This results in complete account takeover and full administrative control over the D-View system. | |||||
| CVE-2025-65731 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2026-01-30 | N/A | 6.8 MEDIUM |
| An issue was discovered in D-Link Router DIR-605L (Hardware version F1; Firmware version: V6.02CN02) allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control. | |||||
| CVE-2026-1448 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2026-01-28 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-57440 | 1 Dlink | 2 Dsl-3788, Dsl-3788 Firmware | 2026-01-20 | N/A | 7.5 HIGH |
| D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflow via the COMM_MAKECustomMsg function of the webproc cgi | |||||
| CVE-2025-15194 | 1 Dlink | 2 Dir-600, Dir-600 Firmware | 2026-01-13 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||