Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
d-link vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2006-2901
The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and previous versions allows remote malicious users to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords.
D-link Dwl-2100ap
1 EDB exploit
4.3
CVSSv2
CVE-2018-7698
An issue exists in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the username and password for connected D-Link cameras (such as DCS-933L and DCS-934L) unencrypted from the app to the camera, allowing malicious users to ...
D-link Mydlink\\+ 3.8.5
6.8
CVSSv2
CVE-2017-7851
D-Link DCS-936L devices with firmware prior to 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.
D-link Dcs-936l
1 EDB exploit
10
CVSSv2
CVE-2014-7858
The check_login function in D-Link DNR-326 prior to 2.10 build 03 allows remote malicious users to bypass authentication and log in by setting the username cookie parameter to an arbitrary string.
D-link Dnr-326 Firmware
6.8
CVSSv2
CVE-2017-7398
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an malicious user to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option ...
D-link Dir-615 Firmware 20.09
1 EDB exploit
6.5
CVSSv2
CVE-2018-10713
An issue exists on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corru...
D-link Dsl-3782 Firmware 1.01
7.8
CVSSv2
CVE-2006-6538
D-LINK DWL-2000AP+ firmware 2.11 allows remote malicious users to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link.
D-link Dwl-2000ap\\+ 2.11
1 EDB exploit
5
CVSSv2
CVE-2020-9544
An issue exists on D-Link DSL-2640B E1 EU_1.01 devices. The administrative interface doesn't perform authentication checks for a firmware-update POST request. Any attacker that can access the administrative interface can install firmware of their choice.
D-link Dsl-2640b Firmware E1 Eu 1.01
7.5
CVSSv2
CVE-2018-20305
D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address.
D-link Dir-816 A2 Firmware 1.10b05
10
CVSSv2
CVE-2001-1220
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote malicious users to gain administrative privileges.
D-link Dwl-1000ap 3.2.28 483
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »