Filtered by vendor Dlink
Subscriptions
Total
1312 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24321 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-06-20 | 9.8 Critical |
| An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. | ||||
| CVE-2024-22853 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-06-20 | 9.8 Critical |
| D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session. | ||||
| CVE-2024-22751 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2025-06-20 | 9.8 Critical |
| D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function. | ||||
| CVE-2023-51987 | 1 Dlink | 2 Dir-822, Dir-822 Firmware | 2025-06-20 | 9.8 Critical |
| D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. | ||||
| CVE-2023-51123 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2025-06-20 | 9.8 Critical |
| An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component. | ||||
| CVE-2023-5150 | 1 Dlink | 4 Dar-7000, Dar-7000 Firmware, Dar-8000 and 1 more | 2025-06-18 | 6.3 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240246 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2024-23624 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2025-06-17 | 9.6 Critical |
| A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. | ||||
| CVE-2024-27683 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-06-17 | 9.8 Critical |
| D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerablilify. | ||||
| CVE-2025-6114 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2025-06-17 | 8.8 High |
| A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this vulnerability is the function form_portforwarding of the file /goform/form_portforwarding. The manipulation of the argument ingress_name_%d/sched_name_%d/name_%d leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-6115 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2025-06-17 | 8.8 High |
| A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this issue is the function form_macfilter. The manipulation of the argument mac_hostname_%d/sched_name_%d leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2022-31414 | 1 Dlink | 2 Dir-1960, Dir-1960 Firmware | 2025-06-17 | 7.5 High |
| D-Link DIR-1960 firmware DIR-1960_A1_1.11 was discovered to contain a buffer overflow via srtcat in prog.cgi. This vulnerability allowed attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2025-6121 | 1 Dlink | 2 Dir-632, Dir-632 Firmware | 2025-06-17 | 9.8 Critical |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-632 FW103B08. Affected by this issue is the function get_pure_content of the component HTTP POST Request Handler. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-41603 | 1 Dlink | 2 R15, R15 Firmware | 2025-06-17 | 5.3 Medium |
| D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6. | ||||
| CVE-2024-29366 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2025-06-17 | 8.8 High |
| A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03. | ||||
| CVE-2024-29385 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2025-06-17 | 9.0 Critical |
| DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function. | ||||
| CVE-2023-51984 | 1 Dlink | 2 Dir-822, Dir-822 Firmware | 2025-06-16 | 9.8 Critical |
| D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. allows remote attackers to execute arbitrary commands via shell. | ||||
| CVE-2025-5912 | 1 Dlink | 2 Dir-632, Dir-632 Firmware | 2025-06-16 | 8.8 High |
| A vulnerability was found in D-Link DIR-632 FW103B08. It has been declared as critical. This vulnerability affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2020-25506 | 1 Dlink | 2 Dns-320, Dns-320 Firmware | 2025-06-10 | 9.8 Critical |
| D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution. | ||||
| CVE-2025-5573 | 1 Dlink | 2 Dcs-932l, Dcs-932l Firmware | 2025-06-06 | 6.3 Medium |
| A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-5572 | 1 Dlink | 2 Dcs-932l, Dcs-932l Firmware | 2025-06-06 | 8.8 High |
| A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||