Vulnerabilities > D-Link > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-06-20 CVE-2018-6213 Use of Hard-coded Credentials vulnerability in D-Link DIR-620 Firmware
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.
network
low complexity
d-link CWE-798
critical
9.8
2018-05-18 CVE-2018-10968 Insecure Default Initialization of Resource vulnerability in D-Link DIR-550A Firmware and DIR-604M Firmware
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability.
network
low complexity
d-link CWE-1188
critical
9.8
2018-05-13 CVE-2018-11013 Out-of-bounds Write vulnerability in D-Link DIR-816 A2 Firmware 1.10B05
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.
network
low complexity
d-link CWE-787
critical
9.8
2018-05-12 CVE-2018-10996 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link DIR-629-B Firmware
The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable.
network
low complexity
d-link CWE-119
critical
10.0
2017-12-16 CVE-2017-3192 Insufficiently Protected Credentials vulnerability in D-Link DIR-130 Firmware and DIR-330 Firmware
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials.
network
low complexity
d-link CWE-522
critical
9.8
2017-12-16 CVE-2017-3191 Improper Input Validation vulnerability in D-Link DIR-130 Firmware and DIR-330 Firmware
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page.
network
low complexity
d-link CWE-20
critical
9.8
2017-09-07 CVE-2016-10405 Session Fixation vulnerability in D-Link DIR-600L Firmware
Session fixation vulnerability in D-Link DIR-600L routers (rev.
network
low complexity
d-link CWE-384
critical
9.8
2017-08-25 CVE-2014-7859 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link products
Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values.
network
low complexity
d-link CWE-119
critical
9.8
2017-08-25 CVE-2014-7858 Improper Authentication vulnerability in D-Link DNR-326 Firmware
The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string.
network
low complexity
d-link CWE-287
critical
9.8
2017-08-25 CVE-2014-7857 Improper Authentication vulnerability in D-Link products
D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin.
network
low complexity
d-link CWE-287
critical
9.8