Vulnerabilities > D Link

DATE CVE VULNERABILITY TITLE RISK
2020-02-21 CVE-2020-6842 OS Command Injection vulnerability in D-Link Dch-M225 Firmware 1.05B01
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name.
network
low complexity
d-link CWE-78
critical
9.0
2020-02-21 CVE-2020-6841 OS Command Injection vulnerability in D-Link Dch-M225 Firmware 1.05B01
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter.
network
low complexity
d-link CWE-78
critical
10.0
2020-02-19 CVE-2012-6614 Missing Authorization vulnerability in D-Link Dsr-250N Firmware
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.
network
low complexity
d-link CWE-862
critical
9.0
2020-02-04 CVE-2013-7055 Insufficiently Protected Credentials vulnerability in D-Link Dir-100 Firmware 4.03B07
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure
network
low complexity
d-link CWE-522
5.0
2020-02-04 CVE-2013-7054 Cross-site Scripting vulnerability in D-Link Dir-100 Firmware 4.03B07
D-Link DIR-100 4.03B07: cli.cgi XSS
network
d-link CWE-79
4.3
2020-02-04 CVE-2013-7053 Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dir-100 Firmware 4.03B07
D-Link DIR-100 4.03B07: cli.cgi CSRF
network
d-link CWE-352
6.8
2020-02-04 CVE-2013-7052 Insufficiently Protected Credentials vulnerability in D-Link Dir-100 Firmware 4.03B07
D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script
network
low complexity
d-link CWE-522
5.0
2020-02-04 CVE-2013-7051 Improper Authentication vulnerability in D-Link Dir-100 Firmware 4.03B07
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters
network
d-link CWE-287
6.8
2019-11-22 CVE-2013-6811 Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dsl6740U Firmware
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev.
network
d-link CWE-352
6.8
2019-10-25 CVE-2013-4857 XML Injection (aka Blind XPath Injection) vulnerability in D-Link Dir-865L Firmware
D-Link DIR-865L has PHP File Inclusion in the router xml file.
network
low complexity
d-link CWE-91
7.5