Filtered by vendor D-link Subscriptions
Total 228 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-5537 1 D-link 1 Dsl-g624t 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters.
CVE-2006-5536 1 D-link 1 Dsl-g624t 2024-11-21 N/A
Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.
CVE-2006-3687 2 D-link, Dlink 7 Di-604 Broadband Router, Di-784, Ebr-2310 Ethernet Broadband Router and 4 more 2024-11-21 N/A
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900.
CVE-2006-2901 1 D-link 1 Dwl-2100ap 2024-11-21 N/A
The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords.
CVE-2006-2653 1 D-link 1 Dsa-3100 Airspot Gateway 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.
CVE-2006-2337 1 D-link 1 Dsl-g604t 2024-11-21 N/A
Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter.
CVE-2006-0784 1 D-link 1 Dwl-g700ap 2024-11-21 N/A
D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments.
CVE-2005-4723 2 D-link, Dlink 4 Di-524, Di-784, Di-524 and 1 more 2024-11-21 N/A
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.
CVE-2005-1680 1 D-link 4 Dsl-502t, Dsl-504t, Dsl-562t and 1 more 2024-11-21 N/A
D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address.
CVE-2004-1650 1 D-link 1 Dcs-900 Internet Camera 2024-11-21 N/A
D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.
CVE-2004-0661 1 D-link 3 Di-604, Di-614\+, Di-624 2024-11-21 N/A
Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years.
CVE-2004-0615 2 D-link, Dlink 3 Di-614\+, Di-704p, Di-624 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request.
CVE-2003-1346 1 D-link 1 Dwl-900ap\+ 2024-11-21 N/A
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
CVE-2003-1264 2 D-link, Longshine Technologie 2 Di-614\+, Longshine Wireless Ethernet Access Point 2024-11-21 N/A
TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication.
CVE-2002-2137 5 Alloy, D-link, Eusso and 2 more 5 Gl-2422ap-s, Dwl-900ap\+, Gl2422 Ap and 2 more 2024-11-21 N/A
GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive information like WEP keys, the administrator password, and the MAC filter via a "getsearch" request to UDP port 27155.
CVE-2002-1865 2 D-link, Linksys 4 Di-804, Dl-704, Befw11s4 and 1 more 2024-11-21 N/A
Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service (crash) via a long header, as demonstrated using the Host header.
CVE-2002-1069 1 D-link 1 Di-804 2024-11-21 N/A
The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Information.
CVE-2002-1068 1 D-link 1 Dp-303 2024-11-21 N/A
The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request.
CVE-2001-1221 1 D-link 1 Dwl-1000ap 2024-11-21 N/A
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information.
CVE-2001-1220 1 D-link 1 Dwl-1000ap 2024-11-21 N/A
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.