Filtered by vendor Dlink
Subscriptions
Total
1129 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18008 | 1 Dlink | 14 Dir-140l, Dir-140l Firmware, Dir-640l and 11 more | 2024-11-21 | N/A |
| spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials. | ||||
| CVE-2018-18007 | 1 Dlink | 2 Dsl-2770l, Dsl-2770l Firmware | 2024-11-21 | 9.8 Critical |
| atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials. | ||||
| CVE-2018-17990 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the ScrIPaddrEndTXT parameter. | ||||
| CVE-2018-17989 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-11-21 | N/A |
| A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when "/cgi-bin/New_GUI/Acl.asp" is requested. | ||||
| CVE-2018-17881 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2024-11-21 | N/A |
| On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change. | ||||
| CVE-2018-17880 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2024-11-21 | N/A |
| On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot. | ||||
| CVE-2018-17787 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2024-11-21 | N/A |
| On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. | ||||
| CVE-2018-17786 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2024-11-21 | N/A |
| On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code. | ||||
| CVE-2018-17777 | 1 Dlink | 2 Dva-5592, Dva-5592 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have access to the router control panel with administrator privileges. | ||||
| CVE-2018-17443 | 1 Dlink | 1 Central Wifimanager | 2024-11-21 | N/A |
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS. | ||||
| CVE-2018-17442 | 1 Dlink | 1 Central Wifimanager | 2024-11-21 | N/A |
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code. | ||||
| CVE-2018-17441 | 1 Dlink | 1 Central Wifimanager | 2024-11-21 | N/A |
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS. | ||||
| CVE-2018-17440 | 1 Dlink | 1 Central Wifimanager | 2024-11-21 | N/A |
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request. | ||||
| CVE-2018-17068 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter. | ||||
| CVE-2018-17067 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address. | ||||
| CVE-2018-17066 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter. | ||||
| CVE-2018-17065 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address. | ||||
| CVE-2018-17064 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked. | ||||
| CVE-2018-17063 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters. | ||||
| CVE-2018-16605 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2024-11-21 | 5.4 Medium |
| D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page. | ||||