Vulnerabilities > D Link > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-25 | CVE-2019-9125 | Missing Authentication for Critical Function vulnerability in D-Link Dir-878 Firmware 1.12B01 An issue was discovered on D-Link DIR-878 1.12B01 devices. | 9.8 |
| 2019-02-25 | CVE-2019-9124 | Improper Authentication vulnerability in D-Link Dir-878 Firmware 1.12B01 An issue was discovered on D-Link DIR-878 1.12B01 devices. | 9.8 |
| 2019-01-31 | CVE-2019-7297 | OS Command Injection vulnerability in D-Link Dir-823G Firmware An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. | 9.8 |
| 2018-12-23 | CVE-2018-20389 | Insufficiently Protected Credentials vulnerability in D-Link Dcm-604 Firmware and Dcm-704 Firmware D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 9.8 |
| 2018-12-20 | CVE-2018-20305 | Out-of-bounds Write vulnerability in D-Link Dir-816 A2 Firmware 1.10B05 D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. | 9.8 |
| 2018-12-11 | CVE-2018-20056 | Out-of-bounds Write vulnerability in D-Link Dir-605L Firmware and Dir-619L Firmware An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. | 9.8 |
| 2018-10-09 | CVE-2018-14081 | Insufficiently Protected Credentials vulnerability in D-Link products An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. | 9.8 |
| 2018-10-03 | CVE-2018-17881 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in D-Link Dir-823G Firmware On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change. | 9.8 |
| 2018-10-02 | CVE-2018-17787 | OS Command Injection vulnerability in D-Link Dir-823G Firmware On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. | 9.8 |
| 2018-10-02 | CVE-2018-17786 | Improper Authentication vulnerability in D-Link Dir-823G Firmware On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code. | 9.8 |