Vulnerabilities > D Link

DATE | CVE | VULNERABILITY TITLE | RISK

2018-04-03 | CVE-2018-8941 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link Dsl-3782 Firmware 1.01 | 8.8
Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v.
network | low complexity | d-link | CWE-119

2018-03-05 | CVE-2018-7698 | Insufficiently Protected Credentials vulnerability in D-Link Mydlink+ 3.8.5 | 4.3
An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices.
network | d-link | CWE-522

2018-02-21 | CVE-2018-6936 | Cross-site Scripting vulnerability in D-Link Dir-600M C1 Firmware 3.01 | 5.4
Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account.
network | low complexity | d-link | CWE-79

2018-01-12 | CVE-2018-5371 | OS Command Injection vulnerability in D-Link Dsl-2540U Firmware and Dsl-2640U Firmware | 8.8
diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.
network | low complexity | d-link | CWE-78

2017-12-16 | CVE-2017-3192 | Insufficiently Protected Credentials vulnerability in D-Link Dir-130 Firmware and Dir-330 Firmware | 9.8 (critical)
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials.
network | low complexity | d-link | CWE-522

2017-12-16 | CVE-2017-3191 | Improper Input Validation vulnerability in D-Link Dir-130 Firmware and Dir-330 Firmware | 9.8 (critical)
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page.
network | low complexity | d-link | CWE-20

2017-11-15 | CVE-2017-7851 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dcs-936L | 8.8
D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.
network | low complexity | d-link | CWE-352

2017-09-07 | CVE-2016-10405 | Session Fixation vulnerability in D-Link Dir-600L Firmware | 9.8 (critical)
Session fixation vulnerability in D-Link DIR-600L routers (rev.
network | low complexity | d-link | CWE-384

2017-08-25 | CVE-2014-7860 | Information Exposure vulnerability in D-Link Dns-320L Firmware and Dns-327L Firmware | 5.3
The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token.
network | low complexity | d-link | CWE-200

2017-08-25 | CVE-2014-7859 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link products | 9.8 (critical)
Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values.
network | low complexity | d-link | CWE-119