Vulnerabilities > Dlink
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-03-07 | CVE-2020-10214 | Out-of-bounds Write vulnerability in Dlink Dir-825 Firmware 2.10 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. | 8.8 |
2020-03-07 | CVE-2020-10213 | OS Command Injection vulnerability in multiple products | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. | 8.8 |
2020-03-05 | CVE-2019-20501 | OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware 4.2.0.15 | D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter. | 7.8 |
2020-03-05 | CVE-2019-20500 | OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware 4.2.0.15 | D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. | 7.8 |
2020-03-05 | CVE-2019-20499 | OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware 4.2.0.15 | D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter. | 7.8 |
2020-03-04 | CVE-2019-19226 | Missing Authentication for Critical Function vulnerability in Dlink Dsl-2680 Firmware 1.03 | A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface. | 7.5 |
2020-03-04 | CVE-2019-19225 | Missing Authentication for Critical Function vulnerability in Dlink Dsl-2680 Firmware 1.03 | A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request. | 7.5 |
2020-03-04 | CVE-2019-19224 | Missing Authentication for Critical Function vulnerability in Dlink Dsl-2680 Firmware 1.03 | A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface. | 7.5 |
2020-03-04 | CVE-2019-19223 | HTTP Request Smuggling vulnerability in Dlink Dsl-2680 Firmware 1.03 | A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface. | 7.5 |
2020-03-04 | CVE-2019-19222 | Cross-site Scripting vulnerability in Dlink Dsl-2680 Firmware 1.03 | A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request. | 5.4 |