Vulnerabilities > Dlink

DATE CVE VULNERABILITY TITLE RISK
2021-01-08 CVE-2020-24577 Cleartext Storage of Sensitive Information vulnerability in Dlink Dsl-2888A Firmware
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55.
network
low complexity
dlink CWE-312
5.0
2020-12-30 CVE-2019-12768 Improper Authentication vulnerability in Dlink Dap-1650 Firmware
An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix.
network
low complexity
dlink CWE-287
7.5
2020-12-15 CVE-2020-25759 Improper Input Validation vulnerability in Dlink products
An issue was discovered on D-Link DSR-250 3.17 devices.
network
low complexity
dlink CWE-20
critical
9.0
2020-12-15 CVE-2020-25758 Improper Validation of Integrity Check Value vulnerability in Dlink products
An issue was discovered on D-Link DSR-250 3.17 devices.
network
low complexity
dlink CWE-354
critical
9.0
2020-12-15 CVE-2020-25757 Improper Input Validation vulnerability in Dlink products
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges.
low complexity
dlink CWE-20
8.3
2020-10-06 CVE-2020-26582 Command Injection vulnerability in Dlink Dap-1360U Firmware
D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18).
network
low complexity
dlink CWE-77
critical
9.0
2020-09-19 CVE-2020-25786 Cross-Site Scripting vulnerability in Dlink products
** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header.
network
dlink CWE-79
4.3
2020-09-14 CVE-2018-20432 USE of Hard-Coded Credentials vulnerability in Dlink Covr-2600R Firmware and Covr-3902 Firmware
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.
network
low complexity
dlink CWE-798
critical
10.0
2020-09-02 CVE-2020-25079 Unspecified vulnerability in Dlink Dcs-2530L Firmware and Dcs-2670L Firmware
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices.
network
low complexity
dlink
critical
9.0
2020-07-23 CVE-2020-15632 Incorrect Implementation of Authentication Algorithm vulnerability in Dlink Dir-842 Firmware
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers.
low complexity
dlink CWE-303
5.8