Vulnerabilities > Dlink > DIR 865L Firmware

DATE CVE VULNERABILITY TITLE RISK
2020-09-19 CVE-2020-25786 Cross-site Scripting vulnerability in Dlink products
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header.
network
low complexity
dlink CWE-79
6.1
6.1
2020-06-03 CVE-2020-13787 Cleartext Transmission of Sensitive Information vulnerability in Dlink Dir-865L Firmware 1.20B01
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.
network
low complexity
dlink CWE-319
5.0
5.0
2020-06-03 CVE-2020-13786 Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-865L Firmware 1.20B01
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.
network
dlink CWE-352
6.8
6.8
2020-06-03 CVE-2020-13785 Inadequate Encryption Strength vulnerability in Dlink Dir-865L Firmware 1.20B01
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
network
low complexity
dlink CWE-326
5.0
5.0
2020-06-03 CVE-2020-13784 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Dlink Dir-865L Firmware 1.20B01
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
network
low complexity
dlink CWE-335
5.0
5.0
2020-06-03 CVE-2020-13783 Cleartext Storage of Sensitive Information vulnerability in Dlink Dir-865L Firmware 1.20B01
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.
network
low complexity
dlink CWE-312
5.0
5.0
2020-06-03 CVE-2020-13782 OS Command Injection vulnerability in Dlink Dir-865L Firmware 1.20B01
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.
network
low complexity
dlink CWE-78
6.5
6.5
2020-01-02 CVE-2019-20213 Incorrect Authorization vulnerability in Dlink products
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
network
low complexity
dlink CWE-863
7.5
7.5
2019-12-30 CVE-2019-17621 OS Command Injection vulnerability in Dlink products
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2019-10-25 CVE-2013-4857 XML Injection (aka Blind XPath Injection) vulnerability in Dlink Dir-865L Firmware
D-Link DIR-865L has PHP File Inclusion in the router xml file.
network
low complexity
dlink CWE-91
critical
 9.8
9.8