Vulnerabilities > Dlink

DATE CVE VULNERABILITY TITLE RISK
2019-12-26 CVE-2019-16326 Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-601 Firmware 2.00Na
D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented.
network
dlink CWE-352
6.8
6.8
2019-12-26 CVE-2019-6014 OS Command Injection vulnerability in Dlink Dba-1510P Firmware 1.70B005/1.70B009
DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface.
low complexity
dlink CWE-78
8.3
8.3
2019-12-26 CVE-2019-6013 OS Command Injection vulnerability in Dlink Dba-1510P Firmware 1.70B005/1.70B009
DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).
local
low complexity
dlink CWE-78
6.8
6.8
2019-12-18 CVE-2019-19742 Cross-site Scripting vulnerability in Dlink Dir-615 Firmware 20.07
On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.
network
low complexity
dlink CWE-79
4.8
4.8
2019-12-16 CVE-2019-19743 Improper Input Validation vulnerability in Dlink Dir-615 T1 Firmware 20.07
On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal.
network
low complexity
dlink CWE-20
4.0
4.0
2019-12-05 CVE-2019-19598 Improper Authentication vulnerability in Dlink Dap-1860 Firmware 1.01B06/1.02B01/1.04B01
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value.
low complexity
dlink CWE-287
8.3
8.3
2019-12-05 CVE-2019-19597 Incorrect Authorization vulnerability in Dlink Dap-1860 Firmware 1.01B06/1.02B01/1.04B01
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.
low complexity
dlink CWE-863
8.3
8.3
2019-11-11 CVE-2019-18852 Cleartext Transmission of Sensitive Information vulnerability in Dlink products
Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign.
network
low complexity
dlink CWE-319
critical
 10.0
10
2019-10-25 CVE-2013-4857 XML Injection (aka Blind XPath Injection) vulnerability in Dlink Dir-865L Firmware
D-Link DIR-865L has PHP File Inclusion in the router xml file.
network
low complexity
dlink CWE-91
critical
 9.8
9.8
2019-10-25 CVE-2013-4856 Information Exposure vulnerability in Dlink Dir-865L Firmware
D-Link DIR-865L has Information Disclosure.
low complexity
dlink CWE-200
6.5
6.5