Vulnerabilities > Dlink

DATE CVE VULNERABILITY TITLE RISK
2019-10-14 CVE-2017-14948 Classic Buffer Overflow vulnerability in Dlink products
Certain D-Link products are affected by: Buffer Overflow.
network
low complexity
dlink CWE-120
7.5
2019-10-14 CVE-2019-17511 Missing Authentication for Critical Function vulnerability in Dlink Dir-412 Firmware A11.14Ww
There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers.
network
low complexity
dlink CWE-306
5.0
2019-10-11 CVE-2019-17510 OS Command Injection vulnerability in Dlink Dir-846 Firmware 100A35
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php.
network
low complexity
dlink CWE-78
critical
10.0
2019-10-11 CVE-2019-17509 OS Command Injection vulnerability in Dlink Dir-846 Firmware 100A35
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php.
network
low complexity
dlink CWE-78
critical
10.0
2019-10-11 CVE-2019-17508 OS Command Injection vulnerability in Dlink Dir-850L A Firmware and Dir-859 A3 Firmware
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.
network
low complexity
dlink CWE-78
critical
10.0
2019-10-11 CVE-2019-17507 Improper Input Validation vulnerability in Dlink Dir-816 A1 Firmware 1.06
An issue was discovered on D-Link DIR-816 A1 1.06 devices.
network
low complexity
dlink CWE-20
5.0
2019-10-11 CVE-2019-17506 Missing Authentication for Critical Function vulnerability in Dlink Dir-817Lw A1 Firmware and Dir-868L B1 Firmware
There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers.
network
low complexity
dlink CWE-306
critical
10.0
2019-10-11 CVE-2019-17505 Missing Authentication for Critical Function vulnerability in Dlink Dap-1320 A2 Firmware 1.21
D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml.
network
low complexity
dlink CWE-306
5.0
2019-10-09 CVE-2019-17353 Missing Authentication for Critical Function vulnerability in Dlink Dir-615 Firmware 20.05/20.07
An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07.
network
low complexity
dlink CWE-306
6.4
2019-09-27 CVE-2019-16920 OS Command Injection vulnerability in Dlink products
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565.
network
low complexity
dlink CWE-78
critical
9.8