Vulnerabilities > Dlink
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-22 | CVE-2020-24579 | Improper Authentication vulnerability in Dlink Dsl2888A Firmware An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. | 8.8 |
| 2020-12-22 | CVE-2020-24578 | Incorrect Permission Assignment for Critical Resource vulnerability in Dlink Dsl2888A Firmware An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. | 6.5 |
| 2020-12-15 | CVE-2020-25759 | OS Command Injection vulnerability in Dlink products An issue was discovered on D-Link DSR-250 3.17 devices. | 8.8 |
| 2020-12-15 | CVE-2020-25758 | Improper Validation of Integrity Check Value vulnerability in Dlink products An issue was discovered on D-Link DSR-250 3.17 devices. | 8.8 |
| 2020-12-15 | CVE-2020-25757 | OS Command Injection vulnerability in Dlink products A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. | 8.8 |
| 2020-10-08 | CVE-2020-26567 | Missing Authentication for Critical Function vulnerability in Dlink Dsr-250N Firmware An issue was discovered on D-Link DSR-250N before 3.17B devices. | 5.5 |
| 2020-10-06 | CVE-2020-26582 | OS Command Injection vulnerability in Dlink Dap-1360U Firmware D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18). | 8.8 |
| 2020-09-19 | CVE-2020-25786 | Cross-site Scripting vulnerability in Dlink products webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. | 6.1 |
| 2020-09-14 | CVE-2018-20432 | Use of Hard-coded Credentials vulnerability in Dlink Covr-2600R Firmware and Covr-3902 Firmware D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration. | 9.8 |
| 2020-09-02 | CVE-2020-25079 | Command Injection vulnerability in Dlink Dcs-2530L Firmware and Dcs-2670L Firmware An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. | 8.8 |