Vulnerabilities > D Link

DATE CVE VULNERABILITY TITLE RISK
2020-03-05 CVE-2019-20501 OS Command Injection vulnerability in D-Link Dwl-2600Ap Firmware 4.2.0.15
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter.
local
low complexity
d-link CWE-78
7.2
2020-03-05 CVE-2019-20500 OS Command Injection vulnerability in D-Link Dwl-2600Ap Firmware 4.2.0.15
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter.
local
low complexity
d-link CWE-78
7.2
2020-03-05 CVE-2019-20499 OS Command Injection vulnerability in D-Link Dwl-2600Ap Firmware 4.2.0.15
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter.
local
low complexity
d-link CWE-78
7.2
2020-03-04 CVE-2019-19226 Missing Authentication for Critical Function vulnerability in D-Link Dsl-2680 Firmware 1.03
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface.
network
low complexity
d-link CWE-306
5.0
2020-03-04 CVE-2019-19225 Missing Authentication for Critical Function vulnerability in D-Link Dsl-2680 Firmware 1.03
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request.
network
low complexity
d-link CWE-306
5.0
2020-03-04 CVE-2019-19224 Missing Authentication for Critical Function vulnerability in D-Link Dsl-2680 Firmware 1.03
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface.
network
low complexity
d-link CWE-306
5.0
2020-03-04 CVE-2019-19223 HTTP Request Smuggling vulnerability in D-Link Dsl-2680 Firmware 1.03
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface.
network
low complexity
d-link CWE-444
7.8
2020-03-04 CVE-2019-19222 Cross-site Scripting vulnerability in D-Link Dsl-2680 Firmware 1.03
A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request.
network
d-link CWE-79
3.5
2020-03-02 CVE-2020-9535 Out-of-bounds Write vulnerability in D-Link Dir-615Jx10 Firmware
fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup_Wizard webpage parameter when f_radius_ip1 is malformed.
network
low complexity
d-link CWE-787
6.5
2020-03-02 CVE-2020-9534 Out-of-bounds Write vulnerability in D-Link Dir-615Jx10 Firmware
fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup webpage parameter when f_radius_ip1 is malformed.
network
low complexity
d-link CWE-787
6.5