Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
d-link vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-10750
An issue exists on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cau...
D-link Dsl-3782 Firmware 1.01
7.5
CVSSv3
CVE-2018-18442
D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified atta...
D-link Dcs-825l Firmware 1.08
NA
CVE-2010-0936
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote malicious users to inject arbitrary web script or HTML via the nickname parameter.
D-link Dkvm-ip8 2282 Dlinka4 P8 20071213
2 EDB exploits
9.8
CVSSv3
CVE-2018-20305
D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address.
D-link Dir-816 A2 Firmware 1.10b05
NA
CVE-2006-6538
D-LINK DWL-2000AP+ firmware 2.11 allows remote malicious users to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link.
D-link Dwl-2000ap\\+ 2.11
1 EDB exploit
8.8
CVSSv3
CVE-2018-8941
Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote malicious users to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /use...
D-link Dsl-3782 Firmware 1.01
1 Github repository
5.3
CVSSv3
CVE-2021-33259
Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for malicious users to obtain users' DNS query history.
D-link Dir-868lw Firmware 1.12b
9.8
CVSSv3
CVE-2019-9125
An issue exists on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header.
D-link Dir-878 Firmware 1.12b01
6.1
CVSSv3
CVE-2017-10676
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter.
D-link Dir-600m Firmware Fw3.05b01
NA
CVE-2001-1221
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote malicious users to gain sensitive information.
D-link Dwl-1000ap 3.2.28 483
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »