Filtered by vendor Dlink
Subscribe
Total
846 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37134 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tp_usrname, resulting in stack overflow. | |||||
| CVE-2022-37123 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-08-08 | N/A | 8.8 HIGH |
| D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi. | |||||
| CVE-2022-32092 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. | |||||
| CVE-2022-36620 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-08-08 | N/A | 7.5 HIGH |
| D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting. | |||||
| CVE-2022-34527 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2023-08-08 | N/A | 8.8 HIGH |
| D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160. | |||||
| CVE-2022-28571 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2023-08-08 | 5.8 MEDIUM | 9.8 CRITICAL |
| D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. | |||||
| CVE-2022-48107 | 1 Dlink | 2 Dir 878, Dir 878 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | |||||
| CVE-2022-38557 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. | |||||
| CVE-2022-37056 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main, | |||||
| CVE-2022-28896 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
| CVE-2022-37057 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main. | |||||
| CVE-2022-28895 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
| CVE-2022-28901 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
| CVE-2022-37129 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-08-08 | N/A | 8.8 HIGH |
| D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection. | |||||
| CVE-2022-37130 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability | |||||
| CVE-2022-30521 | 1 Dlink | 2 Dir-890l, Dir-890l Firmware | 2023-08-01 | 10.0 HIGH | 9.8 CRITICAL |
| The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. The attackers can exploit the vulnerability to carry out arbitrary code by means of sending a specially constructed payload to port 49152. | |||||
| CVE-2023-37791 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2023-07-27 | N/A | 9.8 CRITICAL |
| D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow via the curTime parameter at /goform/formLogin. | |||||
| CVE-2022-44808 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2023-07-13 | N/A | 9.8 CRITICAL |
| A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability. | |||||
| CVE-2023-26612 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2023-07-06 | N/A | 9.8 CRITICAL |
| D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo. | |||||
| CVE-2023-26613 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2023-07-06 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL. | |||||