Filtered by vendor Dlink
Subscribe
Total
1294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40718 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15728. | |||||
| CVE-2022-40717 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15727. | |||||
| CVE-2022-3210 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15905. | |||||
| CVE-2022-38557 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. | |||||
| CVE-2022-38258 | 1 Dlink | 2 Dir-819, Dir-819 Firmware | 2024-11-21 | N/A | 8.1 HIGH |
| A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request. | |||||
| CVE-2022-37134 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tp_usrname, resulting in stack overflow. | |||||
| CVE-2022-37133 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end. | |||||
| CVE-2022-37130 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability | |||||
| CVE-2022-37129 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection. | |||||
| CVE-2022-37128 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. | |||||
| CVE-2022-37125 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. | |||||
| CVE-2022-37123 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi. | |||||
| CVE-2022-36756 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | |||||
| CVE-2022-36755 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. | |||||
| CVE-2022-36620 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting. | |||||
| CVE-2022-36619 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC. | |||||
| CVE-2022-36588 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow vulnerability caused by strncpy. | |||||
| CVE-2022-36526 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin. | |||||
| CVE-2022-36525 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Buffer Overflow via authenticationcgi_main. | |||||
| CVE-2022-36524 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static Default Credentials via /etc/init0.d/S80telnetd.sh. | |||||