Vulnerabilities > Dlink

DATE CVE VULNERABILITY TITLE RISK
2021-09-27 CVE-2021-41753 Improper Authentication vulnerability in Dlink Dir-X1560 Firmware and Dir-X6060 Firmware
A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client via sending specific spoofed SAE authentication frames.
network
low complexity
dlink CWE-287
7.8
2021-09-24 CVE-2021-40654 Insufficiently Protected Credentials vulnerability in Dlink Dir-615 Firmware 17.00
An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt.
network
low complexity
dlink CWE-522
4.0
2021-09-24 CVE-2021-40655 Insufficiently Protected Credentials vulnerability in Dlink Dir-605L Firmware 2.01Mt
An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT.
network
low complexity
dlink CWE-522
5.0
2021-09-23 CVE-2021-21913 Use of Hard-coded Credentials vulnerability in Dlink Dir-3040 Firmware 1.13B03
An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03.
network
low complexity
dlink CWE-798
7.5
2021-09-09 CVE-2021-40284 Classic Buffer Overflow vulnerability in Dlink Dsl-3782 Firmware Eu1.01/Eu1.03
D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service.
network
low complexity
dlink CWE-120
6.8
2021-08-24 CVE-2021-39509 Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb05R1B011D88210
An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function.
network
low complexity
dlink CWE-77
7.5
2021-08-24 CVE-2021-39510 Command Injection vulnerability in Dlink Dir-816 Firmware 101Cnb04
An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function.
network
low complexity
dlink CWE-77
7.5
2021-08-23 CVE-2021-39613 Use of Hard-coded Credentials vulnerability in Dlink Dvg-3104Ms Firmware 1.0.2.0.3/1.0.2.0.4/1.0.2.0.4E
** UNSUPPORTED WHEN ASSIGNED ** D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.
network
low complexity
dlink CWE-798
5.0
2021-08-23 CVE-2021-39614 Use of Hard-coded Credentials vulnerability in Dlink Dvx-2000Ms Firmware
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.
network
low complexity
dlink CWE-798
5.0
2021-08-23 CVE-2021-39615 Use of Hard-coded Credentials vulnerability in Dlink Dsr-500N Firmware 1.02
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device.
network
low complexity
dlink CWE-798
critical
10.0