Vulnerabilities > Dlink
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-26 | CVE-2019-16326 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-601 Firmware 2.00Na D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. | 6.8 |
2019-12-26 | CVE-2019-6014 | OS Command Injection vulnerability in Dlink Dba-1510P Firmware 1.70B005/1.70B009 DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface. | 8.3 |
2019-12-26 | CVE-2019-6013 | OS Command Injection vulnerability in Dlink Dba-1510P Firmware 1.70B005/1.70B009 DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI). | 6.8 |
2019-12-18 | CVE-2019-19742 | Cross-site Scripting vulnerability in Dlink Dir-615 Firmware 20.07 On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field. | 4.8 |
2019-12-16 | CVE-2019-19743 | Improper Input Validation vulnerability in Dlink Dir-615 T1 Firmware 20.07 On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal. | 4.0 |
2019-12-05 | CVE-2019-19598 | Improper Authentication vulnerability in Dlink Dap-1860 Firmware 1.01B06/1.02B01/1.04B01 D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. | 8.3 |
2019-12-05 | CVE-2019-19597 | Incorrect Authorization vulnerability in Dlink Dap-1860 Firmware 1.01B06/1.02B01/1.04B01 D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header. | 8.3 |
2019-11-11 | CVE-2019-18852 | Cleartext Transmission of Sensitive Information vulnerability in Dlink products Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. | 10.0 |
2019-10-25 | CVE-2013-4857 | XML Injection (aka Blind XPath Injection) vulnerability in Dlink Dir-865L Firmware D-Link DIR-865L has PHP File Inclusion in the router xml file. | 9.8 |
2019-10-25 | CVE-2013-4856 | Information Exposure vulnerability in Dlink Dir-865L Firmware D-Link DIR-865L has Information Disclosure. | 6.5 |