Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog Docs About Contact

d-link vulnerabilities and exploits

(subscribe to this query)
6.5
CVSSv3

CVE-2024-6044

Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL.
D-link G403D-link G415D-link G416D-link M18D-link R03D-link R04D-link R12D-link R18D-link E30D-link M30D-link M32D-link M60
9.8
CVSSv3

CVE-2014-7857

D-Link DNS-320L firmware prior to 1.04b12, DNS-327L prior to 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote malicious users to bypass authentication and log in with administrator permissions by passing the...
D-link Dns-322l FirmwareD-link Dns-325 FirmwareD-link Dns-345 FirmwareD-link Dns-320b FirmwareD-link Dnr-326 FirmwareD-link Dns-327l FirmwareD-link Dns-320l Firmware
7.5
CVSSv2

CVE-2005-1680

D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote malicious users to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be creat...
D-link Dsl-502tD-link Dsl-504tD-link Dsl-562tD-link Dsl-g604t
9.8
CVSSv3

CVE-2014-7859

Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW prior to 1.04b08, DNR-322L prior to 2.10 build 03, DNR-326 prior to 2.10 build 03, and DNS-327L prior to 1.04b01 allows remote malicious users to execute arbitrary code by crafting malformed &q...
D-link Dns-322l FirmwareD-link Dns-320lw FirmwareD-link Dnr-326 FirmwareD-link Dns-327l FirmwareD-link Dnr-320l Firmware
9.8
CVSSv3

CVE-2016-5681

Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 prior to 2.07WWB05, DIR-817 Ax, DIR-818LW Bx prior to 2.05b03beta03, DIR-822 C1 3.01 prior to 3.01WWb02, DIR-823 A1 1.00 prior to 1.00WWb05, DIR-895L A1 1.11 prior to 1.11WWb04, DIR-890L A1 1.09 prior to 1.09...
Dlink Dir-868l FirmwareDlink Dir-822 Firmware 3.01D-link Dir-880l FirmwareD-link Dir-850l FirmareD-link Dir-895l FirmwareD-link Dir-817l(w) FirmwareD-link Dir-818l(w) FirmwareD-link Dir-890l FirmwareD-link Dir-823 FirmwareD-link Dir-885l Firmware
6.1
CVSSv3

CVE-2018-6212

On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" fiel...
D-link Dir-620 Firmware 1.0.3D-link Dir-620 Firmware 1.0.37D-link Dir-620 Firmware 1.3.1D-link Dir-620 Firmware 1.3.3D-link Dir-620 Firmware 1.3.7D-link Dir-620 Firmware 1.4.0D-link Dir-620 Firmware 2.0.22
9.8
CVSSv3

CVE-2018-6213

In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.
D-link Dir-620 Firmware 1.0.3D-link Dir-620 Firmware 1.0.37D-link Dir-620 Firmware 1.3.1D-link Dir-620 Firmware 1.3.3D-link Dir-620 Firmware 1.3.7D-link Dir-620 Firmware 1.4.0D-link Dir-620 Firmware 2.0.22
7.2
CVSSv3

CVE-2018-6211

On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.
D-link Dir-620 Firmware 1.0.3D-link Dir-620 Firmware 1.0.37D-link Dir-620 Firmware 1.3.1D-link Dir-620 Firmware 1.3.3D-link Dir-620 Firmware 1.3.7D-link Dir-620 Firmware 1.4.0D-link Dir-620 Firmware 2.0.22
7.8
CVSSv2

CVE-2007-3347

The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote malicious users to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.
D-link Dph-540 1.00.03D-link Dph-540 1.00.14D-link Dph-541 1.00.03D-link Dph-541 1.00.14
7.8
CVSSv2

CVE-2007-3348

The D-Link DPH-540/DPH-541 phone allows remote malicious users to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message.
D-link Dph-540 1.00.03D-link Dph-540 1.00.14D-link Dph-541 1.00.03D-link Dph-541 1.00.14
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-3248thanhtungtntremote code executioncodepen embed blockCVE-2025-6354chris coyierCVE-2025-50025nitin yawalkarcode executionCVE-2025-50038CVE-2023-0386cross-site scriptingCVE-2025-6351
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook