Vulnerabilities > D Link > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-10-31 CVE-2021-33259 Missing Authentication for Critical Function vulnerability in D-Link Dir-868Lw Firmware 1.12B
Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing attackers to obtain users' DNS query history.
network
low complexity
d-link CWE-306
5.3
2019-10-16 CVE-2019-17663 Cross-site Scripting vulnerability in D-Link Dir-866L Firmware 1.03B04
D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection.
network
low complexity
d-link CWE-79
6.1
2018-10-24 CVE-2018-18636 Cross-site Scripting vulnerability in D-Link Dsl-2640T Firmware
XSS exists in cgi-bin/webcm on D-Link DSL-2640T routers via the var:RelaodHref or var:conid parameter.
network
low complexity
d-link CWE-79
6.1
2018-07-05 CVE-2018-12103 Incorrect Authorization vulnerability in multiple products
An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions).
low complexity
dlink d-link CWE-863
6.5
2018-06-20 CVE-2018-6212 Cross-site Scripting vulnerability in D-Link Dir-620 Firmware
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missing filtering of special characters in the "Search" field and incorrect processing of the XMLHttpRequest object.
network
low complexity
d-link CWE-79
6.1
2018-04-18 CVE-2018-10110 Cross-site Scripting vulnerability in D-Link Dir-615 T1 Firmware 20.07
D-Link DIR-615 T1 devices allow XSS via the Add User feature.
network
low complexity
d-link CWE-79
4.8
2018-02-21 CVE-2018-6936 Cross-site Scripting vulnerability in D-Link Dir-600M C1 Firmware 3.01
Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account.
network
low complexity
d-link CWE-79
5.4
2017-08-25 CVE-2014-7860 Information Exposure vulnerability in D-Link Dns-320L Firmware and Dns-327L Firmware
The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token.
network
low complexity
d-link CWE-200
5.3
2017-07-20 CVE-2017-10676 Cross-site Scripting vulnerability in D-Link Dir-600M Firmware Fw3.05B01
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter.
network
low complexity
d-link CWE-79
6.1