Vulnerabilities > Dlink
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-11-19 | CVE-2013-2271 | Permissions, Privileges, and Access Controls vulnerability in Dlink Dsl-2740B and Dsl-2740B Firmware The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi. | 7.6 |
2013-09-20 | CVE-2013-4707 | Permissions, Privileges, and Access Controls vulnerability in Dlink Des-3810 and Des-3810 Firmware The SSH implementation on D-Link Japan DES-3810 devices with firmware before R2.20.011 allows remote authenticated users to cause a denial of service (device hang) by leveraging login access. | 6.3 |
2013-09-20 | CVE-2013-4706 | Permissions, Privileges, and Access Controls vulnerability in Dlink Dwl-2100Ap and Dwl-2100Ap Firmware The SSH implementation on the D-Link Japan DWL-2100AP with firmware before R252JP-RC572 allows remote authenticated users to cause a denial of service (reboot) by leveraging login access. | 6.3 |
2012-10-08 | CVE-2012-5319 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dcs-2000, Dcs-5300 and Dcs-900 Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter. | 6.8 |
2012-10-08 | CVE-2012-1308 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dsl-2640B and Dsl-2640B Firmware Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. | 6.8 |
2011-11-22 | CVE-2011-4507 | Cryptographic Issues vulnerability in Dlink Dir-685 The D-Link DIR-685 router, when certain WPA and WPA2 configurations are used, does not maintain an encrypted wireless network during transfer of a large amount of network traffic, which allows remote attackers to obtain sensitive information or bypass authentication via a Wi-Fi device. | 7.5 |
2011-11-03 | CVE-2011-3992 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dlink products Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. | 10.0 |
2011-10-16 | CVE-2010-4965 | Credentials Management vulnerability in Dlink Dcs-2121 and Dcs-2121 Firmware /etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server. | 9.0 |
2011-10-16 | CVE-2010-4964 | Code Injection vulnerability in Dlink Dcs-2121 and Dcs-2121 Firmware recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability. | 9.0 |
2010-04-27 | CVE-2009-4821 | Improper Authentication vulnerability in Dlink Dir-615 3.10Na The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors. | 5.0 |