Vulnerabilities > Dlink
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-26 | CVE-2019-6013 | OS Command Injection vulnerability in Dlink Dba-1510P Firmware 1.70B005/1.70B009 DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI). | 6.6 |
| 2019-12-18 | CVE-2019-19742 | Cross-site Scripting vulnerability in Dlink Dir-615 Firmware 20.07 On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field. | 4.8 |
| 2019-12-16 | CVE-2019-19743 | Unspecified vulnerability in Dlink Dir-615 T1 Firmware 20.07 On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal. | 6.5 |
| 2019-12-05 | CVE-2019-19598 | Improper Authentication vulnerability in Dlink Dap-1860 Firmware 1.01B06/1.02B01/1.04B01 D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. | 8.8 |
| 2019-12-05 | CVE-2019-19597 | Incorrect Authorization vulnerability in Dlink Dap-1860 Firmware 1.01B06/1.02B01/1.04B01 D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header. | 8.8 |
| 2019-11-11 | CVE-2019-18852 | Cleartext Transmission of Sensitive Information vulnerability in Dlink products Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. | 9.8 |
| 2019-10-25 | CVE-2013-4857 | XML Injection (aka Blind XPath Injection) vulnerability in Dlink Dir-865L Firmware D-Link DIR-865L has PHP File Inclusion in the router xml file. | 9.8 |
| 2019-10-25 | CVE-2013-4856 | Information Exposure vulnerability in Dlink Dir-865L Firmware D-Link DIR-865L has Information Disclosure. | 6.5 |
| 2019-10-25 | CVE-2013-4855 | Path Traversal vulnerability in Dlink Dir-865L Firmware D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. | 8.8 |
| 2019-10-16 | CVE-2019-17512 | Missing Authentication for Critical Function vulnerability in Dlink Dir-412 Firmware A11.14Ww There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. | 9.1 |