Vulnerabilities > Dlink > DIR 868L Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-04 | CVE-2020-29321 | Insufficiently Protected Credentials vulnerability in Dlink Dir-868L Firmware 3.01 The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | 5.0 |
| 2019-03-25 | CVE-2019-7642 | Missing Authentication for Critical Function vulnerability in Dlink products D-Link routers with the mydlink feature have some web interfaces without authentication requirements. | 5.0 |
| 2018-03-06 | CVE-2018-6529 | Cross-site Scripting vulnerability in Dlink products XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. | 6.1 |
| 2018-03-06 | CVE-2018-6528 | Cross-site Scripting vulnerability in Dlink products XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. | 6.1 |
| 2018-03-06 | CVE-2018-6527 | Cross-site Scripting vulnerability in Dlink products XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. | 6.1 |