Vulnerabilities > D Link
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-21 | CVE-2020-6842 | OS Command Injection vulnerability in D-Link Dch-M225 Firmware 1.05B01 D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. | 9.0 |
| 2020-02-21 | CVE-2020-6841 | OS Command Injection vulnerability in D-Link Dch-M225 Firmware 1.05B01 D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. | 10.0 |
| 2020-02-19 | CVE-2012-6614 | Missing Authorization vulnerability in D-Link Dsr-250N Firmware D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. | 9.0 |
| 2020-02-04 | CVE-2013-7055 | Insufficiently Protected Credentials vulnerability in D-Link Dir-100 Firmware 4.03B07 D-Link DIR-100 4.03B07 has PPTP and poe information disclosure | 5.0 |
| 2020-02-04 | CVE-2013-7054 | Cross-site Scripting vulnerability in D-Link Dir-100 Firmware 4.03B07 D-Link DIR-100 4.03B07: cli.cgi XSS | 4.3 |
| 2020-02-04 | CVE-2013-7053 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dir-100 Firmware 4.03B07 D-Link DIR-100 4.03B07: cli.cgi CSRF | 6.8 |
| 2020-02-04 | CVE-2013-7052 | Insufficiently Protected Credentials vulnerability in D-Link Dir-100 Firmware 4.03B07 D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script | 5.0 |
| 2020-02-04 | CVE-2013-7051 | Improper Authentication vulnerability in D-Link Dir-100 Firmware 4.03B07 D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters | 6.8 |
| 2019-11-22 | CVE-2013-6811 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dsl6740U Firmware Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. | 6.8 |
| 2019-10-25 | CVE-2013-4857 | XML Injection (aka Blind XPath Injection) vulnerability in D-Link Dir-865L Firmware D-Link DIR-865L has PHP File Inclusion in the router xml file. | 7.5 |