Filtered by vendor Dlink
Subscribe
Total
1756 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-7854 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2026-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-7855 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2026-05-06 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2026-7856 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2026-05-06 | 8.3 HIGH | 7.2 HIGH |
| A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2026-7857 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2026-05-06 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-42372 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2026-05-06 | N/A | 8.8 HIGH |
| D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir605l" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches. | |||||
| CVE-2026-42373 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2026-05-06 | N/A | 9.8 CRITICAL |
| D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76_dlwbr_dir605L" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches. | |||||
| CVE-2026-42374 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2026-05-06 | N/A | 9.8 CRITICAL |
| D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61_dlwbr_dir600L" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches. | |||||
| CVE-2026-42375 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2026-05-06 | N/A | 9.8 CRITICAL |
| D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir600l" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches. | |||||
| CVE-2026-5844 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2026-04-30 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-4529 | 1 Dlink | 2 Dhp-1320, Dhp-1320 Firmware | 2026-04-30 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-5979 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2026-04-30 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-5980 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2026-04-30 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-5981 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2026-04-30 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-5982 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2026-04-30 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a manipulation of the argument curTime results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-5983 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2026-04-30 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-5984 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2026-04-30 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-6012 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-04-30 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-7026 | 1 Dlink | 2 Dgs-3420-28tc, Dgs-3420-28tc Firmware | 2026-04-30 | 6.1 MEDIUM | 4.5 MEDIUM |
| A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-7027 | 1 Dlink | 2 Dsl-2740r, Dsl-2740r Firmware | 2026-04-30 | 3.3 LOW | 2.4 LOW |
| A vulnerability was identified in D-Link DSL-2740R EU_01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-6013 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-04-30 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||