Vulnerabilities > Dlink
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-02 | CVE-2020-9535 | Out-of-bounds Write vulnerability in Dlink Dir-615Jx10 Firmware fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup_Wizard webpage parameter when f_radius_ip1 is malformed. | 8.8 |
| 2020-03-02 | CVE-2020-9534 | Out-of-bounds Write vulnerability in Dlink Dir-615Jx10 Firmware fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup webpage parameter when f_radius_ip1 is malformed. | 8.8 |
| 2020-02-22 | CVE-2020-8862 | Improper Authentication vulnerability in Dlink Dap-2610 Firmware This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. | 8.8 |
| 2020-02-22 | CVE-2020-8861 | Improper Authentication vulnerability in Dlink Dap-1330 Firmware 1.00.B21/1.10B01 This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. | 8.8 |
| 2020-02-21 | CVE-2020-6842 | OS Command Injection vulnerability in Dlink Dch-M225 Firmware 1.05B01 D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. | 7.2 |
| 2020-02-21 | CVE-2020-6841 | OS Command Injection vulnerability in Dlink Dch-M225 Firmware 1.05B01 D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. | 9.8 |
| 2020-02-19 | CVE-2012-6614 | Missing Authorization vulnerability in Dlink Dsr-250N Firmware D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. | 7.2 |
| 2020-02-13 | CVE-2020-8962 | Out-of-bounds Write vulnerability in Dlink Dir-842 Firmware 3.13B09 A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint. | 9.8 |
| 2020-02-11 | CVE-2013-5945 | SQL Injection vulnerability in Dlink products Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua. | 9.8 |
| 2020-02-07 | CVE-2013-3096 | Improper Authentication vulnerability in Dlink Dir865L Firmware 1.03 D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability. | 5.9 |