Filtered by vendor D-link Subscriptions
Total 228 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-11959 2 D-link, Dlink 3 Dir-605l, Dir-605l, Dir-605l Firmware 2024-12-04 8.8 High
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-11960 2 D-link, Dlink 3 Dir-605l, Dir-605l, Dir-605l Firmware 2024-12-04 8.8 High
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-32223 2 D-link, Dlink 3 Dsl-224 Firmware, Dsl-224, Dsl-224 Firmware 2024-11-27 8.8 High
D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method.
CVE-2023-26615 2 D-link, Dlink 3 Dir-823g, Dir-823g, Dir-823g Firmware 2024-11-27 7.5 High
D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password.
CVE-2023-32222 2 D-link, Dlink 3 Dsl-g256dg, Dsl-g256dg, Dsl-g256dg Firmware 2024-11-27 9.8 Critical
D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method.
CVE-2023-32224 2 D-link, Dlink 3 Dsl-224 Firmware, Dsl-224, Dsl-224 Firmware 2024-11-27 9.8 Critical
D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2023-26613 2 D-link, Dlink 3 Dir-823g, Dir-823g, Dir-823g Firmware 2024-11-27 9.8 Critical
An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL.
CVE-2023-26616 2 D-link, Dlink 3 Dir-823g, Dir-823g, Dir-823g Firmware 2024-11-27 9.8 Critical
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo.
CVE-2023-26612 2 D-link, Dlink 3 Dir-823g, Dir-823g, Dir-823g Firmware 2024-11-27 9.8 Critical
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo.
CVE-2024-28731 2 D-link, Dlink 3 Dwr-2000m Firmware, Dwr-2000m, Dwr-2000m Firmware 2024-11-22 7.3 High
Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option.
CVE-2024-28729 2 D-link, Dlink 3 Dwr-2000m Firmware, Dwr-2000m, Dwr-2000m Firmware 2024-11-22 7.8 High
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request.
CVE-2024-28730 2 D-link, Dlink 3 Dwr-2000m Firmware, Dwr-2000m, Dwr-2000m Firmware 2024-11-22 4.6 Medium
Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module.
CVE-2024-52739 1 D-link 1 Di-8400 Firmware 2024-11-21 8 High
D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters.
CVE-2024-34950 1 D-link 1 Dir-822 2024-11-21 7.5 High
D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module.
CVE-2024-33345 1 D-link 1 Dir-823g 2024-11-21 6.5 Medium
D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-33344 1 D-link 1 Dir-822 2024-11-21 9.8 Critical
D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell.
CVE-2024-33342 1 D-link 1 Dir-822 2024-11-21 7.5 High
D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.
CVE-2024-0921 2 D-link, Dlink 3 Dir-816 A2, Dir-816 A2, Dir-816 A2 Firmware 2024-11-21 4.7 Medium
A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252139.
CVE-2023-45579 2 D-link, Dlink 21 Di-7003gv2.d1, Di-700g Plus V2.d1, Di-7100g.v2.d1 and 18 more 2024-11-21 9.8 Critical
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function.
CVE-2023-45578 2 D-link, Dlink 21 Di-7003gv2.d1, Di-7100g.v2.d1, Di-7100gv2.d1 and 18 more 2024-11-21 9.8 Critical
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function.