Filtered by vendor Dlink
Subscribe
Total
1538 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14528 | 1 Dlink | 2 Dir-803, Dir-803 Firmware | 2025-12-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-63932 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2025-12-11 | N/A | 7.3 HIGH |
| D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. The unauthenticated remote attacker can execute the shell command. | |||||
| CVE-2025-14225 | 1 Dlink | 2 Dcs-930l, Dcs-930l Firmware | 2025-12-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-37057 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-12-09 | N/A | 9.8 CRITICAL |
| D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main. | |||||
| CVE-2022-37056 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-12-09 | N/A | 9.8 CRITICAL |
| D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main, | |||||
| CVE-2022-37055 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-12-09 | N/A | 9.8 CRITICAL |
| D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main, | |||||
| CVE-2025-13305 | 1 Dlink | 10 Dir-825m, Dir-825m Firmware, Dwr-m920 and 7 more | 2025-12-08 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-13304 | 1 Dlink | 10 Dir-825m, Dir-825m Firmware, Dwr-m920 and 7 more | 2025-12-08 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-60854 | 1 Dlink | 2 R15, R15 Firmware | 2025-12-06 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd. | |||||
| CVE-2025-13547 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2025-13549 | 1 Dlink | 2 Dir-822k, Dir-822k Firmware | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | |||||
| CVE-2025-13548 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-13550 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-13551 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-13552 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-8155 | 1 Dlink | 2 Dcs-6010l, Dcs-6010l Firmware | 2025-12-01 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in D-Link DCS-6010L 1.15.03 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /vb.htm of the component Management Application. The manipulation of the argument paratest leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2018-25120 | 1 Dlink | 2 Dns-343, Dns-343 Firmware | 2025-11-28 | N/A | 9.8 CRITICAL |
| D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call to a system email utility without proper input validation. An unauthenticated remote attacker can supply crafted form data that injects shell commands, resulting in execution as root on the device. NOTE: The DNS-343 product line has been declared end-of-life. | |||||
| CVE-2022-50596 | 1 Dlink | 2 Dir-1260, Dir-1260 Firmware | 2025-11-28 | N/A | 9.8 CRITICAL |
| D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privileges. The flaw specifically exists within the SetDest/Dest/Target arguments to the GetDeviceSettings form. The management interface is accessible over HTTP and HTTPS on the local and Wi-Fi networks and optionally from the Internet. | |||||
| CVE-2025-13562 | 1 Dlink | 2 Dir-852, Dir-852 Firmware | 2025-11-26 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-13553 | 1 Dlink | 2 Dwr-m920, Dwr-m920 Firmware | 2025-11-26 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. | |||||