Vulnerabilities > D Link
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-10-26 | CVE-2006-5537 | Cross-Site Scripting vulnerability in D-Link Dsl-G624T Firmware3.00B01T01.Yac.20060616 Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters. network d-link | 4.3 |
2006-10-26 | CVE-2006-5536 | Information Disclosure vulnerability in D-Link Dsl-G624T Firmware3.00B01T01.Yac.20060616 Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-06-07 | CVE-2006-2901 | Information Disclosure vulnerability in D-Link DWL-2100AP The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords. | 5.0 |
2006-05-30 | CVE-2006-2653 | Cross-Site Scripting vulnerability in D-Link Airspot DSA-3100 Gateway Login_error.SHTML Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter. | 2.6 |
2006-05-12 | CVE-2006-2337 | Path Traversal vulnerability in D-Link Dsl-G604T Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter. | 5.0 |
2006-02-19 | CVE-2006-0784 | Denial Of Service vulnerability in D-Link DWL-G700AP HTTPD D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments. | 5.0 |
2005-05-20 | CVE-2005-1680 | Security Bypass vulnerability in DSL-562T D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address. | 7.5 |
2004-08-31 | CVE-2004-1650 | Remote Configuration vulnerability in D-Link Dcs-900 Internet Camera 2.10/2.20/2.28 D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet. | 7.5 |
2004-08-06 | CVE-2004-0661 | Unspecified vulnerability in D-Link Di-604, Di-614+ and Di-624 Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years. | 5.0 |
2003-12-31 | CVE-2003-1346 | Permissions, Privileges, and Access Controls vulnerability in D-Link Dwl-900Ap+ 2.2/2.3/2.5 D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager. | 10.0 |