Vulnerabilities > D Link
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-22 | CVE-2020-15895 | Cross-site Scripting vulnerability in D-Link Dir-816L Firmware 2.06/2.06.B09 An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. | 4.3 |
| 2020-07-22 | CVE-2020-15894 | Information Exposure vulnerability in D-Link Dir-816L Firmware 2.06/2.06.B09 An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. | 5.0 |
| 2020-07-22 | CVE-2020-15893 | OS Command Injection vulnerability in D-Link Dir-816L Firmware 2.06/2.06.B09 An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. | 7.5 |
| 2020-07-22 | CVE-2020-15892 | Classic Buffer Overflow vulnerability in D-Link Dap-1520 Firmware An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. | 7.5 |
| 2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.8 |
| 2020-05-18 | CVE-2020-13136 | Information Exposure vulnerability in D-Link Dsp-W215 Firmware 1.26B03 D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. | 5.0 |
| 2020-05-18 | CVE-2020-13135 | Information Exposure vulnerability in D-Link Dsp-W215 Firmware 1.26B03 D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy. | 3.3 |
| 2020-05-15 | CVE-2019-18666 | Missing Authorization vulnerability in D-Link Dap-1360 Revision F Firmware 6.12B01 An issue was discovered on D-Link DAP-1360 revision F devices. | 10.0 |
| 2020-03-19 | CVE-2019-15656 | Cleartext Storage of Sensitive Information vulnerability in D-Link Dsl-2875Al Firmware and Dsl-2877Al Firmware D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables. | 5.0 |
| 2020-03-19 | CVE-2019-15655 | Insufficiently Protected Credentials vulnerability in D-Link Dsl-2875Al Firmware D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. | 5.0 |