Search Results (1784 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-2048 1 Dlink 2 Dcs-931l, Dcs-931l Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-2049 1 Dlink 2 Dcs-931l, Dcs-931l Firmware 2025-04-12 N/A
Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.
CVE-2015-2050 1 Dlink 2 Dap-1320, Dap-1320 Firmware 2025-04-12 N/A
D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands via unspecified vectors.
CVE-2015-2052 1 Dlink 2 Dir-645, Dir-645 Firmware 2025-04-12 N/A
Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface.
CVE-2015-5999 1 Dlink 2 Dir-816l, Dir-816l Firmware 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.
CVE-2014-3936 1 Dlink 6 Dir-505l Shareport Mobile Companion, Dir505 Shareport Mobile Companion, Dir505 Shareport Mobile Companion Firmware and 3 more 2025-04-12 N/A
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.
CVE-2013-4772 1 Dlink 4 Dir-505l Shareport Mobile Companion, Dir-505l Shareport Mobile Companion Firmware, Dir-826l Wireless N600 Cloud Router and 1 more 2025-04-12 N/A
D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows remote attackers to bypass authentication via a direct request when an authorized session is active.
CVE-2016-5681 2 D-link, Dlink 20 Dir-817l\(w\) Firmware, Dir-818l\(w\) Firmware, Dir-823 Firmware and 17 more 2025-04-12 9.8 Critical
Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie.
CVE-2014-3872 1 Dlink 2 Dap-1350, Dap-1350 Firmware 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.
CVE-2014-9517 1 Dlink 2 Dcs-2103, Dcs-2103 Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm.
CVE-2023-44415 1 Dlink 4 Dir-1260, Dir-1260 Firmware, Dir-2150 and 1 more 2025-04-11 8.0 High
D-Link Multiple Routers cli Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1260 and DIR-2150 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19946.
CVE-2012-5306 1 Dlink 2 Camera Stream Client Activex Control, Dcs-5605 Ptz Ip Network Camera 2025-04-11 N/A
Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string argument.
CVE-2013-7308 1 Dlink 2 Des-3810-28, Des-3810-28 Firmware 2025-04-11 N/A
The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2013-2271 1 Dlink 2 Dsl-2740b, Dsl-2740b Firmware 2025-04-11 N/A
The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi.
CVE-2013-5946 1 Dlink 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more 2025-04-11 N/A
The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section.
CVE-2009-4821 1 Dlink 1 Dir-615 2025-04-11 N/A
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors.
CVE-2013-5997 1 Dlink 2 Des-3800, Des-3800 Firmware 2025-04-11 N/A
Unspecified vulnerability in the SSH implementation on D-Link Japan DES-3800 devices with firmware before R4.50B58 allows remote authenticated users to cause a denial of service (device hang) via unknown vectors, a different vulnerability than CVE-2013-5998.
CVE-2013-5998 1 Dlink 2 Des-3800, Des-3800 Firmware 2025-04-11 N/A
Unspecified vulnerability in the Web manager implementation on D-Link Japan DES-3800 devices with firmware before R4.50B58 allows remote attackers to cause a denial of service (device hang) via unknown vectors, a different vulnerability than CVE-2013-5997.
CVE-2010-4964 1 Dlink 2 Dcs-2121, Dcs-2121 Firmware 2025-04-11 N/A
recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability.
CVE-2013-7004 1 Dlink 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more 2025-04-11 N/A
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username.