Vulnerabilities > Dlink
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-22 | CVE-2020-12774 | OS Command Injection vulnerability in Dlink Dsl-7740C Firmware V6.Tr069.20180723 D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command. | 6.7 |
| 2020-07-09 | CVE-2020-9377 | OS Command Injection vulnerability in Dlink Dir-610 Firmware D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. | 8.8 |
| 2020-07-09 | CVE-2020-9376 | Injection vulnerability in Dlink Dir-610 Firmware D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. | 7.5 |
| 2020-06-15 | CVE-2020-13150 | Missing Authentication for Critical Function vulnerability in Dlink Dsl-2750U Firmware Me1.03 D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. | 7.8 |
| 2020-06-08 | CVE-2020-13960 | Unspecified vulnerability in Dlink Dir-600M Firmware and Dsl-2730U Firmware D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name. | 7.5 |
| 2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |
| 2020-06-03 | CVE-2020-13787 | Cleartext Transmission of Sensitive Information vulnerability in Dlink Dir-865L Firmware 1.20B01 D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. | 7.5 |
| 2020-06-03 | CVE-2020-13786 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-865L Firmware 1.20B01 D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. | 8.8 |
| 2020-06-03 | CVE-2020-13785 | Inadequate Encryption Strength vulnerability in Dlink Dir-865L Firmware 1.20B01 D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. | 7.5 |
| 2020-06-03 | CVE-2020-13784 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Dlink Dir-865L Firmware 1.20B01 D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. | 7.5 |