Vulnerabilities > Dlink

DATE CVE VULNERABILITY TITLE RISK
2013-11-19 CVE-2013-2271 Permissions, Privileges, and Access Controls vulnerability in Dlink Dsl-2740B and Dsl-2740B Firmware
The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi.
network
high complexity
dlink CWE-264
7.6
2013-09-20 CVE-2013-4707 Permissions, Privileges, and Access Controls vulnerability in Dlink Des-3810 and Des-3810 Firmware
The SSH implementation on D-Link Japan DES-3810 devices with firmware before R2.20.011 allows remote authenticated users to cause a denial of service (device hang) by leveraging login access.
network
dlink CWE-264
6.3
2013-09-20 CVE-2013-4706 Permissions, Privileges, and Access Controls vulnerability in Dlink Dwl-2100Ap and Dwl-2100Ap Firmware
The SSH implementation on the D-Link Japan DWL-2100AP with firmware before R252JP-RC572 allows remote authenticated users to cause a denial of service (reboot) by leveraging login access.
network
dlink CWE-264
6.3
2012-10-08 CVE-2012-5319 Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dcs-2000, Dcs-5300 and Dcs-900
Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter.
network
dlink CWE-352
6.8
2012-10-08 CVE-2012-1308 Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dsl-2640B and Dsl-2640B Firmware
Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
network
dlink CWE-352
6.8
2011-11-22 CVE-2011-4507 Cryptographic Issues vulnerability in Dlink Dir-685
The D-Link DIR-685 router, when certain WPA and WPA2 configurations are used, does not maintain an encrypted wireless network during transfer of a large amount of network traffic, which allows remote attackers to obtain sensitive information or bypass authentication via a Wi-Fi device.
network
low complexity
dlink CWE-310
7.5
2011-11-03 CVE-2011-3992 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dlink products
Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
network
low complexity
dlink CWE-119
critical
10.0
2011-10-16 CVE-2010-4965 Credentials Management vulnerability in Dlink Dcs-2121 and Dcs-2121 Firmware
/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server.
network
low complexity
dlink CWE-255
critical
9.0
2011-10-16 CVE-2010-4964 Code Injection vulnerability in Dlink Dcs-2121 and Dcs-2121 Firmware
recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability.
network
low complexity
dlink CWE-94
critical
9.0
2010-04-27 CVE-2009-4821 Improper Authentication vulnerability in Dlink Dir-615 3.10Na
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors.
network
low complexity
dlink CWE-287
5.0