Vulnerabilities > Dlink > DIR 655 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-27 | CVE-2019-16920 | OS Command Injection vulnerability in Dlink products Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. | 9.8 |
| 2019-07-11 | CVE-2019-13563 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-655 Firmware 3.02B05 D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. | 8.8 |
| 2019-07-11 | CVE-2019-13562 | Cross-site Scripting vulnerability in Dlink Dir-655 Firmware 3.02B05 D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter. | 6.1 |
| 2019-07-11 | CVE-2019-13561 | OS Command Injection vulnerability in Dlink Dir-655 Firmware 3.02B05 D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter. | 9.8 |
| 2019-07-11 | CVE-2019-13560 | Credentials Management vulnerability in Dlink Dir-655 Firmware 3.02B05 D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. | 9.8 |