Vulnerabilities > Dlink

DATE CVE VULNERABILITY TITLE RISK
2022-10-26 CVE-2022-43003 Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10B05
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function.
network
low complexity
dlink CWE-787
critical
9.8
2022-10-19 CVE-2022-43184 Command Injection vulnerability in Dlink Dir-878 Firmware 1.30B08
D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi.
network
low complexity
dlink CWE-77
critical
9.8
2022-10-19 CVE-2016-20017 Command Injection vulnerability in Dlink Dsl-2750B Firmware
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.
network
low complexity
dlink CWE-77
critical
9.8
2022-10-13 CVE-2022-42156 Command Injection vulnerability in Dlink products
D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings.
network
low complexity
dlink CWE-77
8.8
2022-10-13 CVE-2022-42159 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Dlink products
D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator.
network
low complexity
dlink CWE-338
4.3
2022-10-13 CVE-2022-42160 Command Injection vulnerability in Dlink products
D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings.
network
low complexity
dlink CWE-77
8.8
2022-10-13 CVE-2022-42161 Command Injection vulnerability in Dlink products
D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS.
network
low complexity
dlink CWE-77
8.8
2022-06-27 CVE-2022-32092 Command Injection vulnerability in Dlink Dir-645 Firmware 1.03
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi.
network
low complexity
dlink CWE-77
7.5
2022-06-16 CVE-2018-18907 Improper Authentication vulnerability in Dlink Dir-850L Firmare
An issue was discovered on D-Link DIR-850L 1.21WW devices.
network
low complexity
dlink CWE-287
5.0
2022-06-03 CVE-2022-29778 Unspecified vulnerability in Dlink Dir-890L Firmware 1.09/1.11B01
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php.
network
low complexity
dlink
6.5