Vulnerabilities > D Link
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-04-03 | CVE-2018-8941 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link Dsl-3782 Firmware 1.01 | Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. | 8.8 |
2018-03-05 | CVE-2018-7698 | Insufficiently Protected Credentials vulnerability in D-Link Mydlink+ 3.8.5 | An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. | 8.1 |
2018-02-21 | CVE-2018-6936 | Cross-site Scripting vulnerability in D-Link Dir-600M C1 Firmware 3.01 | Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account. | 5.4 |
2018-01-12 | CVE-2018-5371 | OS Command Injection vulnerability in D-Link Dsl-2540U Firmware and Dsl-2640U Firmware | diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request. | 8.8 |
2017-12-16 | CVE-2017-3192 | Insufficiently Protected Credentials vulnerability in D-Link Dir-130 Firmware and Dir-330 Firmware | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. | 9.8 |
2017-12-16 | CVE-2017-3191 | Improper Input Validation vulnerability in D-Link Dir-130 Firmware and Dir-330 Firmware | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. | 9.8 |
2017-11-15 | CVE-2017-7851 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dcs-936L | D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header. | 8.8 |
2017-09-07 | CVE-2016-10405 | Session Fixation vulnerability in D-Link Dir-600L Firmware | Session fixation vulnerability in D-Link DIR-600L routers (rev. | 9.8 |
2017-08-25 | CVE-2014-7860 | Information Exposure vulnerability in D-Link Dns-320L Firmware and Dns-327L Firmware | The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token. | 5.3 |
2017-08-25 | CVE-2014-7859 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link products | Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values. | 9.8 |