Vulnerabilities > Dlink
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-29 | CVE-2023-26613 | OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B05 An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL. | 9.8 |
| 2023-06-29 | CVE-2023-26616 | Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.02B05 D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo. | 9.8 |
| 2023-06-28 | CVE-2023-32222 | Improper Authentication vulnerability in Dlink Dsl-G256Dg Firmware Bz1.00.27 D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method. | 9.8 |
| 2023-06-28 | CVE-2023-32223 | Unspecified vulnerability in Dlink Dsl-224 Firmware 3.0.10 D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method. | 8.8 |
| 2023-06-28 | CVE-2023-32224 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dlink Dsl-224 Firmware 3.0.10 D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts | 9.8 |
| 2023-06-28 | CVE-2023-26615 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dlink Dir-823G Firmware 1.02B05 D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password. | 7.5 |
| 2023-06-15 | CVE-2023-34800 | OS Command Injection vulnerability in Dlink Go-Rt-Ac750 Firmware Reva1.01B03 D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main. | 9.8 |
| 2023-06-12 | CVE-2023-33625 | Command Injection vulnerability in Dlink Dir-600 Firmware 2.18 D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function. | 9.8 |
| 2023-06-12 | CVE-2023-33626 | Out-of-bounds Write vulnerability in Dlink Dir-600 Firmware 2.18 D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary. | 9.8 |
| 2023-06-09 | CVE-2023-34856 | Cross-site Scripting vulnerability in Dlink Di-7500G-Ci Firmware 19.05.29A A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi. | 5.4 |