Vulnerabilities > D Link
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-08-06 | CVE-2004-0661 | Unspecified vulnerability in D-Link Di-604, Di-614+ and Di-624 Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years. | 5.0 |
| 2003-12-31 | CVE-2003-1346 | Permissions, Privileges, and Access Controls vulnerability in D-Link Dwl-900Ap+ 2.2/2.3/2.5 D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager. | 10.0 |
| 2003-12-31 | CVE-2003-1264 | Information Disclosure vulnerability in Longshine Wireless Access Point Devices TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication. | 5.0 |
| 2002-12-31 | CVE-2002-2137 | Information Disclosure vulnerability in GlobalSunTech Access Point GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive information like WEP keys, the administrator password, and the MAC filter via a "getsearch" request to UDP port 27155. | 5.0 |
| 2002-12-31 | CVE-2002-1865 | Denial of Service vulnerability in Multiple Vendor Access Point Embedded HTTP Server Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service (crash) via a long header, as demonstrated using the Host header. | 5.0 |
| 2002-12-31 | CVE-2002-1810 | Unspecified vulnerability in D-Link Dwl-900Ap+ 2.1/2.2 D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information. | 7.5 |
| 2002-10-04 | CVE-2002-1069 | Remote Administration Arbitrary DHCP Address Release vulnerability in D-Link Di-804 4.68 The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Information. | 5.0 |
| 2002-10-04 | CVE-2002-1068 | Denial Of Service vulnerability in D-Link Print Server Long Post Request The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request. | 5.0 |
| 2001-12-21 | CVE-2001-1221 | Unspecified vulnerability in D-Link Dwl-1000Ap 3.2.28483 D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information. | 5.0 |
| 2001-12-21 | CVE-2001-1220 | Unspecified vulnerability in D-Link Dwl-1000Ap 3.2.28483 D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges. | 10.0 |