Vulnerabilities > Dlink > DIR 865L Firmware > 1.20b01

DATE CVE VULNERABILITY TITLE RISK
2020-06-03 CVE-2020-13787 Cleartext Transmission of Sensitive Information vulnerability in Dlink Dir-865L Firmware 1.20B01
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.
network
low complexity
dlink CWE-319
7.5
7.5
2020-06-03 CVE-2020-13786 Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-865L Firmware 1.20B01
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.
network
low complexity
dlink CWE-352
8.8
8.8
2020-06-03 CVE-2020-13785 Inadequate Encryption Strength vulnerability in Dlink Dir-865L Firmware 1.20B01
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
network
low complexity
dlink CWE-326
7.5
7.5
2020-06-03 CVE-2020-13784 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Dlink Dir-865L Firmware 1.20B01
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
network
low complexity
dlink CWE-335
7.5
7.5
2020-06-03 CVE-2020-13783 Cleartext Storage of Sensitive Information vulnerability in Dlink Dir-865L Firmware 1.20B01
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.
network
low complexity
dlink CWE-312
7.5
7.5
2020-06-03 CVE-2020-13782 OS Command Injection vulnerability in Dlink Dir-865L Firmware 1.20B01
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.
network
low complexity
dlink CWE-78
8.8
8.8
2018-03-06 CVE-2018-6530 OS Command Injection vulnerability in Dlink products
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2018-03-06 CVE-2018-6529 Cross-site Scripting vulnerability in Dlink products
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
network
low complexity
dlink CWE-79
6.1
6.1
2018-03-06 CVE-2018-6528 Cross-site Scripting vulnerability in Dlink products
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
network
low complexity
dlink CWE-79
6.1
6.1
2018-03-06 CVE-2018-6527 Cross-site Scripting vulnerability in Dlink products
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
network
low complexity
dlink CWE-79
6.1
6.1