Vulnerabilities > Dlink

DATE CVE VULNERABILITY TITLE RISK
2017-07-19 CVE-2017-11436 Use of Hard-coded Credentials vulnerability in Dlink Dir-615 20.12Ptb01
D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection.
network
low complexity
dlink CWE-798
7.5
2017-07-07 CVE-2017-7406 Missing Encryption of Sensitive Data vulnerability in Dlink Dir-615 20.12Ptb01
The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages.
network
low complexity
dlink CWE-311
5.0
2017-07-07 CVE-2017-7405 Improper Authentication vulnerability in Dlink Dir-615 20.12Ptb01
On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine.
network
low complexity
dlink CWE-287
7.5
2017-07-07 CVE-2017-7404 Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-615 20.12Ptb01
On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF).
network
dlink CWE-352
6.8
2017-06-15 CVE-2017-9675 Improper Input Validation vulnerability in Dlink Dir-605L Firmware 2.08B01
On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot.
network
low complexity
dlink CWE-20
7.8
2017-05-21 CVE-2017-9100 Improper Authentication vulnerability in Dlink Dir-600M Firmware 3.04
login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.
low complexity
dlink CWE-287
8.3
2017-04-24 CVE-2017-7852 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack.
network
d-link dlink CWE-352
6.8
2017-04-10 CVE-2017-6190 Path Traversal vulnerability in Dlink Dwr-116 Firmware V1.00(Cp)B10/V1.01(Eu)/V1.05(Au)
Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a ..
network
low complexity
dlink CWE-22
5.0
2017-03-06 CVE-2017-6411 Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dsl-2730U Firmware In1.00
Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password.
network
dlink d-link CWE-352
6.8
2017-02-23 CVE-2017-6206 Information Exposure vulnerability in Dlink Websmart Dgs-1510 Series Firmware
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors.
network
low complexity
dlink CWE-200
5.0