Vulnerabilities > D Link

DATE CVE VULNERABILITY TITLE RISK
2017-03-06 CVE-2017-5633 Cross-Site Request Forgery (CSRF) vulnerability in D-Link Di-524 Firmware 9.01
Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs.
network
low complexity
d-link CWE-352
8.0
8.0
2016-08-25 CVE-2016-5681 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie.
network
low complexity
dlink d-link CWE-119
critical
 9.8
9.8
2015-01-05 CVE-2014-9518 Cross-site Scripting vulnerability in D-Link Dir-655 and Dir-655 Firmware
Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter.
network
d-link CWE-79
4.3
4.3
2014-12-03 CVE-2014-9238 Path Traversal vulnerability in D-Link Dcs-2103 HD Cube Network Camera Firmware 1.0.0
D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character.
network
low complexity
d-link CWE-22
5.0
5.0
2014-12-03 CVE-2014-9234 Path Traversal vulnerability in D-Link Dcs-2103 HD Cube Network Camera Firmware 1.0.0
Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a ..
network
low complexity
d-link CWE-22
5.0
5.0
2014-02-06 CVE-2013-7321 Cross-Site Scripting vulnerability in D-Link DAP 2253 and DAP 2253 Firmware
Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access Point (Rev.
network
d-link CWE-79
4.3
4.3
2014-02-06 CVE-2013-7320 Cross-Site Request Forgery (CSRF) vulnerability in D-Link DAP 2253 and DAP 2253 Firmware
Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 Access Point (Rev.
network
d-link CWE-352
6.8
6.8
2010-06-15 CVE-2010-2293 Improper Input Validation vulnerability in D-Link Di-604
The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size.
network
low complexity
d-link CWE-20
6.8
6.8
2010-06-15 CVE-2010-2292 Cross-Site Scripting vulnerability in D-Link Di-604
Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field.
network
d-link CWE-79
4.3
4.3
2010-03-08 CVE-2010-0936 Cross-Site Scripting vulnerability in D-Link Dkvm-Ip8 2282Dlinka4P820071213
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.
network
d-link CWE-79
4.3
4.3