Filtered by vendor D-link
Subscriptions
Total
423 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15357 | 2 D-link, Dlink | 3 Di-7400g+, Di-7400g\+, Di-7400g\+ Firmware | 2026-01-09 | 6.3 Medium |
| A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-65731 | 1 D-link | 1 Dir-605l | 2026-01-09 | 6.8 Medium |
| An issue was discovered in D-Link Router DIR-605L (Hardware version F1; Firmware version: V6.02CN02) allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control. | ||||
| CVE-2026-0732 | 1 D-link | 1 Di-8200g | 2026-01-09 | 6.3 Medium |
| A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. | ||||
| CVE-2026-0625 | 1 D-link | 4 Dsl-2640b, Dsl-2740r, Dsl-2780b and 1 more | 2026-01-08 | N/A |
| Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DNS settings without valid credentials, enabling DNS hijacking (“DNSChanger”) attacks that redirect user traffic to attacker-controlled infrastructure. In 2019, D-Link reported that this behavior was leveraged by the "GhostDNS" malware ecosystem targeting consumer and carrier routers. All impacted products were subsequently designated end-of-life/end-of-service, and no longer receive security updates. Exploitation evidence was observed by the Shadowserver Foundation on 2025-11-27 (UTC). | ||||
| CVE-2025-13306 | 2 D-link, Dlink | 12 Dir-822, Dir-825, Dwr-920 and 9 more | 2026-01-08 | 6.3 Medium |
| A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-14884 | 2 D-link, Dlink | 3 Dir-605, Dir-605, Dir-605 Firmware | 2026-01-07 | 7.2 High |
| A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-15245 | 2 D-link, Dlink | 3 Dcs-850l, Dcs-850l, Dcs-850l Firmware | 2026-01-05 | 3.5 Low |
| A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-15194 | 1 D-link | 1 Dir-600 | 2025-12-31 | 9.8 Critical |
| A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-15193 | 2 D-link, Dlink | 3 Dwr-m920, Dwr-m920, Dwr-m920 Firmware | 2025-12-30 | 8.8 High |
| A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. | ||||
| CVE-2025-15192 | 2 D-link, Dlink | 3 Dwr-m920, Dwr-m920, Dwr-m920 Firmware | 2025-12-30 | 6.3 Medium |
| A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-15191 | 2 D-link, Dlink | 3 Dwr-m920, Dwr-m920, Dwr-m920 Firmware | 2025-12-30 | 6.3 Medium |
| A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-15190 | 2 D-link, Dlink | 3 Dwr-m920, Dwr-m920, Dwr-m920 Firmware | 2025-12-30 | 8.8 High |
| A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-15189 | 2 D-link, Dlink | 3 Dwr-m920, Dwr-m920, Dwr-m920 Firmware | 2025-12-30 | 8.8 High |
| A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2023-53974 | 2 D-link, Dlink | 3 Dsl-124, Dsl-124, Dsl-124 Firmware | 2025-12-26 | 7.5 High |
| D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing sensitive network credentials and system configurations. | ||||
| CVE-2025-14659 | 1 D-link | 2 Dir-860lb1, Dir-868lb1 | 2025-12-15 | 8.8 High |
| A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2025-13607 | 1 D-link | 1 Dcs-f5614-l1 | 2025-12-12 | 9.4 Critical |
| A malicious actor can access camera configuration information, including account credentials, without authenticating when accessing a vulnerable URL. | ||||
| CVE-2025-14225 | 2 D-link, Dlink | 3 Dcs-930l, Dcs-930l, Dcs-930l Firmware | 2025-12-11 | 6.3 Medium |
| A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-14208 | 1 D-link | 1 Dir-823x | 2025-12-08 | 6.3 Medium |
| A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-13305 | 2 D-link, Dlink | 15 Dir-822, Dir-825, Dwr-920 and 12 more | 2025-12-08 | 8.8 High |
| A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-13304 | 2 D-link, Dlink | 15 Dir-825, Dwr-920, Dwr-921 and 12 more | 2025-12-08 | 8.8 High |
| A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. | ||||