Filtered by vendor D-link Subscriptions
Total 228 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-7436 2 D-link, Dlink 3 Di-8100, Di-8100, Di-8100 Firmware 2024-09-11 6.3 Medium
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273521 was assigned to this vulnerability.
CVE-2024-44410 2 D-link, Dlink 3 Di-8300, Di-8300, Di-8300 Firmware 2024-09-10 9.8 Critical
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.
CVE-2024-44408 2 D-link, Dlink 3 Dir-823g, Dir-823g, Dir-823g Firmware 2024-09-10 7.5 High
D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords.
CVE-2024-44402 2 D-link, Dlink 3 Di-8100g, Di-8100g, Di-8100g Firmware 2024-09-10 9.8 Critical
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.
CVE-2024-44411 1 D-link 1 Di-8300 2024-09-10 9.8 Critical
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function.
CVE-2024-45623 1 D-link 1 Dap-2310 Firmware 2024-09-03 9.8 Critical
D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-8130 2 D-link, Dlink 60 Dnr-202l, Dnr-322l, Dnr-326 and 57 more 2024-08-27 6.3 Medium
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_s3 of the file /cgi-bin/s3.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_a_key leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
CVE-2024-7357 1 D-link 1 Dir-600 2024-08-07 6.3 Medium
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.