Filtered by vendor D-link
Subscriptions
Total
228 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-5537 | 1 D-link | 1 Dsl-g624t | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters. | ||||
CVE-2006-5536 | 1 D-link | 1 Dsl-g624t | 2024-11-21 | N/A |
Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter. | ||||
CVE-2006-3687 | 2 D-link, Dlink | 7 Di-604 Broadband Router, Di-784, Ebr-2310 Ethernet Broadband Router and 4 more | 2024-11-21 | N/A |
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. | ||||
CVE-2006-2901 | 1 D-link | 1 Dwl-2100ap | 2024-11-21 | N/A |
The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords. | ||||
CVE-2006-2653 | 1 D-link | 1 Dsa-3100 Airspot Gateway | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter. | ||||
CVE-2006-2337 | 1 D-link | 1 Dsl-g604t | 2024-11-21 | N/A |
Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter. | ||||
CVE-2006-0784 | 1 D-link | 1 Dwl-g700ap | 2024-11-21 | N/A |
D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments. | ||||
CVE-2005-4723 | 2 D-link, Dlink | 4 Di-524, Di-784, Di-524 and 1 more | 2024-11-21 | N/A |
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. | ||||
CVE-2005-1680 | 1 D-link | 4 Dsl-502t, Dsl-504t, Dsl-562t and 1 more | 2024-11-21 | N/A |
D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address. | ||||
CVE-2004-1650 | 1 D-link | 1 Dcs-900 Internet Camera | 2024-11-21 | N/A |
D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet. | ||||
CVE-2004-0661 | 1 D-link | 3 Di-604, Di-614\+, Di-624 | 2024-11-21 | N/A |
Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years. | ||||
CVE-2004-0615 | 2 D-link, Dlink | 3 Di-614\+, Di-704p, Di-624 | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request. | ||||
CVE-2003-1346 | 1 D-link | 1 Dwl-900ap\+ | 2024-11-21 | N/A |
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager. | ||||
CVE-2003-1264 | 2 D-link, Longshine Technologie | 2 Di-614\+, Longshine Wireless Ethernet Access Point | 2024-11-21 | N/A |
TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication. | ||||
CVE-2002-2137 | 5 Alloy, D-link, Eusso and 2 more | 5 Gl-2422ap-s, Dwl-900ap\+, Gl2422 Ap and 2 more | 2024-11-21 | N/A |
GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive information like WEP keys, the administrator password, and the MAC filter via a "getsearch" request to UDP port 27155. | ||||
CVE-2002-1865 | 2 D-link, Linksys | 4 Di-804, Dl-704, Befw11s4 and 1 more | 2024-11-21 | N/A |
Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service (crash) via a long header, as demonstrated using the Host header. | ||||
CVE-2002-1069 | 1 D-link | 1 Di-804 | 2024-11-21 | N/A |
The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Information. | ||||
CVE-2002-1068 | 1 D-link | 1 Dp-303 | 2024-11-21 | N/A |
The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request. | ||||
CVE-2001-1221 | 1 D-link | 1 Dwl-1000ap | 2024-11-21 | N/A |
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information. | ||||
CVE-2001-1220 | 1 D-link | 1 Dwl-1000ap | 2024-11-21 | N/A |
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges. |