Filtered by vendor D-link
Subscriptions
Total
334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29516 | 2 D-link, Dlink | 3 Dsl-7740c, Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 7.2 High |
| D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function. | ||||
| CVE-2025-29517 | 2 D-link, Dlink | 3 Dsl-7740c, Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 6.8 Medium |
| D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function. | ||||
| CVE-2025-29519 | 2 D-link, Dlink | 3 Dsl-7740c, Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 5.3 Medium |
| A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request. | ||||
| CVE-2025-29520 | 2 D-link, Dlink | 3 Dsl-7740c, Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | 5.3 Medium |
| Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to arbitrarily change the high-privileged account passwords and escalate privileges. | ||||
| CVE-2025-9727 | 1 D-link | 1 Dir-816l | 2025-09-02 | 6.3 Medium |
| A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2018-25115 | 1 D-link | 7 Dir-110, Dir-412, Dir-600 and 4 more | 2025-08-29 | N/A |
| Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC. | ||||
| CVE-2025-55611 | 2 D-link, Dlink | 3 Dir-619l B1, Dir-619l, Dir-619l Firmware | 2025-08-26 | 9.8 Critical |
| D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter. | ||||
| CVE-2025-55602 | 2 D-link, Dlink | 3 Dir-619l, Dir-619l, Dir-619l Firmware | 2025-08-26 | 9.8 Critical |
| D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-url parameter. | ||||
| CVE-2025-55599 | 2 D-link, Dlink | 3 Dir-619l, Dir-619l, Dir-619l Firmware | 2025-08-26 | 9.8 Critical |
| D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the parameter f_wds_wepKey. | ||||
| CVE-2025-29523 | 1 D-link | 1 Dsl-7740c | 2025-08-25 | 7.2 High |
| D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function. | ||||
| CVE-2025-51281 | 1 D-link | 1 Di-8100 | 2025-08-25 | 7 High |
| D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en`, `val and id parameters in the qj_asp function. This vulnerability allows authenticated attackers to cause a Denial of Service (DoS) by sending crafted GET requests with overly long values for these parameters. | ||||
| CVE-2025-9003 | 1 D-link | 1 Dir-818lw | 2025-08-18 | 3.5 Low |
| A vulnerability has been found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsc_lan.php of the component DHCP Reserved Address Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-8956 | 2 D-link, Dlink | 3 Dir-818l, Dir-818l, Dir-818l Firmware | 2025-08-18 | 6.3 Medium |
| A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9026 | 2 D-link, Dlink | 3 Dir-860l, Dir-860l, Dir-860l Firmware | 2025-08-18 | 7.3 High |
| A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgi_main of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-8949 | 2 D-link, Dlink | 3 Dir-825, Dir-825, Dir-825 Firmware | 2025-08-18 | 7.2 High |
| A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument ping_ipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-7911 | 2 D-link, Dlink | 3 Di-8100, Di-8100, Di-8100 Firmware | 2025-08-08 | 8.8 High |
| A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhttpd. The manipulation of the argument remove_ext_proto/remove_ext_port leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-44414 | 2 D-link, Dlink | 2 D-view, D-view 8 | 2025-08-07 | N/A |
| D-Link D-View coreservice_action_script Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coreservice_action_script action. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19573. | ||||
| CVE-2023-44417 | 2 D-link, Dlink | 3 Dap-2622, Dap-2622, Dap-2622 Firmware | 2025-08-07 | N/A |
| D-Link DAP-2622 DDP Set IPv4 Address Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20091. | ||||
| CVE-2023-44410 | 2 D-link, Dlink | 2 D-view, D-view 8 | 2025-08-07 | N/A |
| D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the showUsers method. The issue results from the lack of proper authorization before accessing a privileged endpoint. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. . Was ZDI-CAN-19535. | ||||
| CVE-2023-44411 | 2 D-link, Dlink | 2 D-view, D-view 8 | 2025-08-07 | N/A |
| D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InstallApplication class. The class contains a hard-coded password for the remotely reachable database. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19553. | ||||