Vulnerabilities > D Link
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-25 | CVE-2014-7858 | Improper Authentication vulnerability in D-Link Dnr-326 Firmware The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. | 9.8 |
| 2017-08-25 | CVE-2014-7857 | Improper Authentication vulnerability in D-Link products D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin. | 9.8 |
| 2017-07-20 | CVE-2017-10676 | Cross-site Scripting vulnerability in D-Link Dir-600M Firmware Fw3.05B01 On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. | 6.1 |
| 2017-06-11 | CVE-2017-9542 | Improper Authentication vulnerability in D-Link Dir-615 Firmware D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. | 9.8 |
| 2017-04-24 | CVE-2015-7247 | Information Exposure vulnerability in D-Link Dvg-N5402Sp Firmware W1000Cn00/W1000Cn03/W2000En00 D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information. | 9.8 |
| 2017-04-24 | CVE-2015-7246 | Use of Hard-coded Credentials vulnerability in D-Link Dvg-N5402Sp Firmware W1000Cn00/W1000Cn03/W2000En00 D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. | 9.8 |
| 2017-04-24 | CVE-2015-7245 | Path Traversal vulnerability in D-Link Dvg-N5402Sp Firmware W1000Cn00/W1000Cn03/W2000En00 Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. | 7.5 |
| 2017-04-21 | CVE-2016-1559 | Information Exposure vulnerability in D-Link products D-Link DAP-1353 H/W vers. | 8.1 |
| 2017-04-04 | CVE-2017-7398 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dir-615 Firmware 20.09 D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. | 8.8 |
| 2017-03-22 | CVE-2017-5874 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dir-600M Firmware CSRF exists on D-Link DIR-600M Rev. | 8.8 |