Vulnerabilities > Dlink
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-28 | CVE-2018-15839 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dlink Dir-615 Firmware D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header. | 7.5 |
| 2018-08-25 | CVE-2018-15875 | Cross-site Scripting vulnerability in Dlink Dir-615 Firmware 20.07 Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request. | 4.3 |
| 2018-08-25 | CVE-2018-15874 | Cross-site Scripting vulnerability in Dlink Dir-615 Firmware 20.07 Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. | 4.3 |
| 2018-08-24 | CVE-2017-11564 | Out-of-bounds Write vulnerability in Dlink Eyeon Baby Monitor Firmware 1.08.1 The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. | 9.0 |
| 2018-08-24 | CVE-2017-11563 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dlink Eyeon Baby Monitor Firmware 1.08.1 D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. | 10.0 |
| 2018-07-13 | CVE-2016-6563 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dlink products Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. | 10.0 |
| 2018-07-05 | CVE-2018-12103 | Incorrect Authorization vulnerability in multiple products An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). | 6.5 |
| 2018-06-19 | CVE-2018-6210 | Use of Hard-coded Credentials vulnerability in Dlink Dir-620 Firmware 1.0.37 D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session. | 10.0 |
| 2018-05-23 | CVE-2018-8898 | Improper Authentication vulnerability in Dlink Dsl-3782 Firmware 3.10.0.24 A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel. | 9.8 |
| 2018-05-10 | CVE-2018-10957 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-868L Firmware 1.12 CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. | 8.8 |