Export limit exceeded: 363284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1784 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2928 | 2 D-link, Dlink | 3 Dwr-m960, Dwr-m960, Dwr-m960 Firmware | 2026-04-16 | 8.8 High |
| A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_452CCC of the file /boafrm/formWlEncrypt of the component WLAN Encryption Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-2929 | 2 D-link, Dlink | 3 Dwr-m960, Dwr-m960, Dwr-m960 Firmware | 2026-04-16 | 8.8 High |
| A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_453140 of the file /boafrm/formWlAc of the component Wireless Access Control Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-3485 | 2 D-link, Dlink | 3 Dir-868l, Dir-868l, Dir-868l Firmware | 2026-04-16 | 9.8 Critical |
| A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2005-1828 | 1 Dlink | 2 Dsl-504t, Dsl-504t Firmware | 2026-04-16 | 7.5 High |
| D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2006-3687 | 2 D-link, Dlink | 7 Di-604 Broadband Router, Di-784, Ebr-2310 Ethernet Broadband Router and 4 more | 2026-04-16 | N/A |
| Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. | ||||
| CVE-2005-4723 | 2 D-link, Dlink | 4 Di-524, Di-784, Di-524 and 1 more | 2026-04-16 | N/A |
| D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. | ||||
| CVE-2005-1827 | 1 Dlink | 2 Dsl-504t, Dsl-504t Firmware | 2026-04-16 | N/A |
| D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg. | ||||
| CVE-2002-1810 | 1 Dlink | 2 Dwl-900ap\+, Dwl-900ap\+ Firmware | 2026-04-16 | 7.5 High |
| D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information. | ||||
| CVE-2004-0615 | 2 D-link, Dlink | 3 Di-614\+, Di-704p, Di-624 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request. | ||||
| CVE-2025-52222 | 2 D-link, Dlink | 27 Di-8003, Di-8003g, Di-8004w and 24 more | 2026-04-15 | 7.5 High |
| D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, and rd_ip parameters in the radius_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2024-27619 | 1 Dlink | 1 Dir-3040 Firmware | 2026-04-15 | 7.3 High |
| Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot. | ||||
| CVE-2024-57595 | 1 Dlink | 1 Dir-825 | 2026-04-15 | 9.8 Critical |
| DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGl interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the parameter "wps_pin" passed to the apc_client_pin.cgi binary through a POST request. | ||||
| CVE-2024-7849 | 1 Dlink | 20 Dnr-202l Firmware, Dnr-322l Firmware, Dnr-326 Firmware and 17 more | 2026-04-15 | 8.8 High |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This affects the function cgi_create_album of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2024-6045 | 1 Dlink | 15 E15 Firmware, E30 Firmware, G403 Firmware and 12 more | 2026-04-15 | 8.8 High |
| Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware. | ||||
| CVE-2025-60344 | 1 Dlink | 3 Dsr-150, Dsr-150n, Dsr-250n | 2026-04-15 | 8.6 High |
| A path traversal (directory traversal) vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used for file or directory path resolution (e.g., via sequences such as “../”). Successful exploitation may allow access to files outside of the intended directory, potentially exposing sensitive system or configuration files. The issue results from insufficient validation or sanitization of user-supplied input. Affected Products include: DSR-150, DSR-150N, and DSR-250N v1.09B32_WW. | ||||
| CVE-2025-34048 | 2 D-link, Dlink | 3 Dcs-2750e, Dsl-2750u, Dsl-2730u Firmware | 2026-04-15 | N/A |
| A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC. | ||||
| CVE-2024-28728 | 1 Dlink | 1 Dwr-2000m | 2026-04-15 | 6.6 Medium |
| Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via a crafted payload to the WiFi SSID Name field. | ||||
| CVE-2024-44333 | 1 Dlink | 6 Di-7003gv2 Firmware, Di-7100g\+v2 Firmware, Di-7100gv2 Firmware and 3 more | 2026-04-15 | 8.8 High |
| D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by sending a carefully crafted malicious string to the CGI function responsible for handling usb_paswd.asp. | ||||
| CVE-2024-44335 | 1 Dlink | 7 Di-7003g Firmware, Di-7003gv2 Firmware, Di-7100g\+v2 Firmware and 4 more | 2026-04-15 | 8.8 High |
| D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via version_upgrade.asp. | ||||
| CVE-2024-28726 | 1 Dlink | 1 Dwr-2000m Firmware | 2026-04-15 | 8 High |
| An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function. | ||||