Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
d-link vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2021-26709
D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote malicious users to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supp...
D-link Dsl-320b-d1
9
CVSSv2
CVE-2018-10747
An issue exists on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory co...
D-link Dsl-3782 Firmware 1.01
9
CVSSv2
CVE-2018-10748
An issue exists on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corru...
D-link Dsl-3782 Firmware 1.01
5
CVSSv2
CVE-2020-9544
An issue exists on D-Link DSL-2640B E1 EU_1.01 devices. The administrative interface doesn't perform authentication checks for a firmware-update POST request. Any attacker that can access the administrative interface can install firmware of their choice.
D-link Dsl-2640b Firmware E1 Eu 1.01
4.3
CVSSv2
CVE-2019-17663
D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection.
D-link Dir-866l Firmware 1.03b04
9
CVSSv2
CVE-2018-16408
D-Link DIR-846 devices with firmware 100.26 allow remote malicious users to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access.
D-link Dir-846 Firmware 100.26
5
CVSSv2
CVE-2002-1069
The remote administration capability for the D-Link DI-804 router 4.68 allows remote malicious users to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Informa...
D-link Di-804 4.68
6.5
CVSSv2
CVE-2018-10431
D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen.
D-link Dir-615 Firmware 2.5.17
8.5
CVSSv2
CVE-2017-5633
Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote malicious users to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI progr...
D-link Di-524 Firmware 9.01
1 EDB exploit
1 Github repository
4.3
CVSSv2
CVE-2017-10676
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter.
D-link Dir-600m Firmware Fw3.05b01
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »