Vulnerabilities > Dlink > DIR 868L Firmware > 3.01

DATE CVE VULNERABILITY TITLE RISK
2021-06-04 CVE-2020-29321 Insufficiently Protected Credentials vulnerability in Dlink Dir-868L Firmware 3.01
The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.
network
low complexity
dlink CWE-522
7.5
7.5
2018-03-06 CVE-2018-6530 OS Command Injection vulnerability in Dlink products
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2018-03-06 CVE-2018-6529 Cross-site Scripting vulnerability in Dlink products
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
network
low complexity
dlink CWE-79
6.1
6.1
2018-03-06 CVE-2018-6528 Cross-site Scripting vulnerability in Dlink products
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
network
low complexity
dlink CWE-79
6.1
6.1
2018-03-06 CVE-2018-6527 Cross-site Scripting vulnerability in Dlink products
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
network
low complexity
dlink CWE-79
6.1
6.1