Vulnerabilities > Dlink

DATE CVE VULNERABILITY TITLE RISK
2022-10-26 CVE-2022-42999 OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10B05
D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm.
network
low complexity
dlink CWE-78
7.5
7.5
2022-10-26 CVE-2022-43000 Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10B05
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4.
network
low complexity
dlink CWE-787
critical
 9.8
9.8
2022-10-26 CVE-2022-43001 Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10B05
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function.
network
low complexity
dlink CWE-787
critical
 9.8
9.8
2022-10-26 CVE-2022-43002 Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10B05
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54.
network
low complexity
dlink CWE-787
critical
 9.8
9.8
2022-10-26 CVE-2022-43003 Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10B05
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function.
network
low complexity
dlink CWE-787
critical
 9.8
9.8
2022-10-19 CVE-2022-43184 OS Command Injection vulnerability in Dlink Dir-878 Firmware 1.30B08
D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2022-10-19 CVE-2016-20017 Command Injection vulnerability in Dlink Dsl-2750B Firmware
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.
network
low complexity
dlink CWE-77
critical
 9.8
9.8
2022-10-13 CVE-2022-42156 Command Injection vulnerability in Dlink products
D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings.
network
low complexity
dlink CWE-77
8.8
8.8
2022-10-13 CVE-2022-42159 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Dlink products
D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator.
network
low complexity
dlink CWE-335
4.3
4.3
2022-10-13 CVE-2022-42160 Command Injection vulnerability in Dlink products
D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings.
network
low complexity
dlink CWE-77
8.8
8.8