Search Results (1784 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-14426 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 7.8 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions.
CVE-2017-12943 1 Dlink 2 Dir-600 B1, Dir-600 B1 Firmware 2025-04-20 9.8 Critical
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.
CVE-2017-14425 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 7.8 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions.
CVE-2017-14413 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 6.1 Medium
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php.
CVE-2017-14424 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 7.8 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.
CVE-2016-10178 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 9.8 Critical
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.
CVE-2017-14421 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 9.8 Critical
D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session.
CVE-2017-14420 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 5.9 Medium
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7859 2 D-link, Dlink 10 Dnr-320l Firmware, Dnr-326 Firmware, Dns-320lw Firmware and 7 more 2025-04-20 N/A
Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values.
CVE-2017-14418 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 8.1 High
The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services.
CVE-2016-10180 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 7.5 High
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.
CVE-2017-14416 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 6.1 Medium
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php.
CVE-2014-7857 2 D-link, Dlink 14 Dnr-326 Firmware, Dns-320b Firmware, Dns-320l Firmware and 11 more 2025-04-20 N/A
D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin.
CVE-2017-11436 1 Dlink 1 Dir-615 2025-04-20 9.8 Critical
D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection.
CVE-2017-10676 2 D-link, Dlink 2 Dir-600m Firmware, Dir-600m 2025-04-20 N/A
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter.
CVE-2016-10179 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 7.5 High
An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.
CVE-2016-1559 2 D-link, Dlink 6 Dap-1353 H\/w B1 Firmware, Dap-2553 H\/w A1 Firmware, Dap-3520 H\/w A1 Firmware and 3 more 2025-04-20 N/A
D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP.
CVE-2016-1558 1 Dlink 20 Dap-2230, Dap-2230 Firmware, Dap-2310 and 17 more 2025-04-20 N/A
Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie.
CVE-2016-10699 1 Dlink 2 Dsl-2740e, Dsl-2740e Firmware 2025-04-20 N/A
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs.
CVE-2016-10405 2 D-link, Dlink 2 Dir-600l Firmware, Dir-600l 2025-04-20 N/A
Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors.