Vulnerabilities > D Link > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-31 | CVE-2021-33259 | Missing Authentication for Critical Function vulnerability in D-Link Dir-868Lw Firmware 1.12B Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history. | 5.3 |
| 2020-03-05 | CVE-2020-9544 | Improper Authentication vulnerability in D-Link Dsl-2640B Firmware E1Eu1.01 An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. | 5.0 |
| 2019-11-22 | CVE-2013-6811 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dsl6740U Firmware Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. | 6.8 |
| 2019-10-16 | CVE-2019-17663 | Cross-site Scripting vulnerability in D-Link Dir-866L Firmware 1.03B04 D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection. | 6.1 |
| 2018-10-24 | CVE-2018-18636 | Cross-site Scripting vulnerability in D-Link Dsl-2640T Firmware XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter. | 6.1 |
| 2018-07-05 | CVE-2018-12103 | Incorrect Authorization vulnerability in multiple products An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). | 6.5 |
| 2018-06-20 | CVE-2018-6212 | Cross-site Scripting vulnerability in D-Link Dir-620 Firmware On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of the XMLHttpRequest object. | 6.1 |
| 2018-04-18 | CVE-2018-10110 | Cross-site Scripting vulnerability in D-Link Dir-615 T1 Firmware 20.07 D-Link DIR-615 T1 devices allow XSS via the Add User feature. | 4.8 |
| 2018-03-05 | CVE-2018-7698 | Insufficiently Protected Credentials vulnerability in D-Link Mydlink+ 3.8.5 An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. | 4.3 |
| 2018-02-21 | CVE-2018-6936 | Cross-site Scripting vulnerability in D-Link Dir-600M C1 Firmware 3.01 Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account. | 5.4 |