Filtered by vendor Dlink
Subscriptions
Total
1132 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27248 | 1 Dlink | 2 Dap-2020, Dap-2020 Firmware | 2024-11-21 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932. | ||||
| CVE-2021-27114 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the"'s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address. | ||||
| CVE-2021-27113 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters. | ||||
| CVE-2021-26810 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 9.8 Critical |
| D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser parameter. | ||||
| CVE-2021-21913 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2024-11-21 | 9.8 Critical |
| An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability. | ||||
| CVE-2021-21820 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2024-11-21 | 9.8 Critical |
| A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2021-21819 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2024-11-21 | 7.2 High |
| A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2021-21818 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2024-11-21 | 7.5 High |
| A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2021-21817 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2021-21816 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2024-11-21 | 4.3 Medium |
| An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2021-20697 | 1 Dlink | 2 Dap-1880ac, Dap-1880ac Firmware | 2024-11-21 | 9.8 Critical |
| Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors. | ||||
| CVE-2021-20696 | 1 Dlink | 2 Dap-1880ac, Dap-1880ac Firmware | 2024-11-21 | 8.8 High |
| DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program. | ||||
| CVE-2021-20695 | 1 Dlink | 2 Dap-1880ac, Dap-1880ac Firmware | 2024-11-21 | 8.8 High |
| Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors. | ||||
| CVE-2021-20694 | 1 Dlink | 2 Dap-1880ac, Dap-1880ac Firmware | 2024-11-21 | 8.8 High |
| Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors. | ||||
| CVE-2021-20134 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2024-11-21 | 8.4 High |
| Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service (zebra or ripd). Subsequent log messages will be appended to the file, prefixed by a timestamp and some logging metadata. Remote code execution can be achieved by using this vulnerability to append to a shell script on the router's filesystem, and then awaiting or triggering the execution of that script. A remote, unauthenticated root shell can easily be obtained on the device in this fashion. | ||||
| CVE-2021-20133 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2024-11-21 | 6.1 Medium |
| Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of the day" banner to any file on the system, allowing them to read all or some of the contents of those files. Such sensitive information as hashed credentials, hardcoded plaintext passwords for other services, configuration files, and private keys can be disclosed in this fashion. Improper handling of filenames that identify virtual resources, such as "/dev/urandom" allows an attacker to effect a denial of service attack against the command line interfaces of the Quagga services (zebra and ripd). | ||||
| CVE-2021-20132 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2024-11-21 | 8.8 High |
| Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the "admin" user, UID 0). | ||||
| CVE-2020-9535 | 1 Dlink | 2 Dir-615jx10, Dir-615jx10 Firmware | 2024-11-21 | 8.8 High |
| fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup_Wizard webpage parameter when f_radius_ip1 is malformed. | ||||
| CVE-2020-9534 | 1 Dlink | 2 Dir-615jx10, Dir-615jx10 Firmware | 2024-11-21 | 8.8 High |
| fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup webpage parameter when f_radius_ip1 is malformed. | ||||
| CVE-2020-9376 | 1 Dlink | 2 Dir-610, Dir-610 Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||