Vulnerabilities > Dlink
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-10 | CVE-2019-12786 | Command Injection vulnerability in Dlink Dir-818Lw Firmware 2.05.B03/2.06B01 An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. | 8.8 |
| 2019-05-13 | CVE-2018-19989 | OS Command Injection vulnerability in multiple products In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. | 9.8 |
| 2019-05-13 | CVE-2018-19987 | OS Command Injection vulnerability in multiple products D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. | 9.8 |
| 2019-05-06 | CVE-2019-10999 | Out-of-bounds Write vulnerability in Dlink products The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. | 8.8 |
| 2019-04-18 | CVE-2019-11017 | Cross-site Scripting vulnerability in Dlink Di-524 Firmware 2.06Ru On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter. | 4.8 |
| 2019-04-11 | CVE-2018-19300 | Improper Input Validation vulnerability in multiple products On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. | 9.8 |
| 2019-04-01 | CVE-2018-17990 | OS Command Injection vulnerability in Dlink Dsl-3782 Firmware 1.01 An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. | 8.8 |
| 2019-04-01 | CVE-2018-17989 | Cross-site Scripting vulnerability in Dlink Dsl-3782 Firmware 1.01 A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. | 5.4 |
| 2019-03-25 | CVE-2019-7642 | Missing Authentication for Critical Function vulnerability in Dlink products D-Link routers with the mydlink feature have some web interfaces without authentication requirements. | 7.5 |
| 2019-03-25 | CVE-2019-10042 | Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11 The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. | 7.5 |