Vulnerabilities > Dlink
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-31 | CVE-2018-15516 | Server-Side Request Forgery (SSRF) vulnerability in Dlink Central Wifimanager 1.03 The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF. | 5.8 |
| 2019-01-31 | CVE-2018-15515 | Unspecified vulnerability in Dlink Central Wifimanager 1.03R0098 The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges. | 7.8 |
| 2019-01-09 | CVE-2018-20675 | Improper Authentication vulnerability in Dlink products D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. | 9.8 |
| 2019-01-09 | CVE-2018-20674 | Unspecified vulnerability in Dlink products D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution. | 8.8 |
| 2019-01-02 | CVE-2018-20114 | OS Command Injection vulnerability in Dlink Dir-818Lw Firmware and Dir-860L Firmware On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. | 9.8 |
| 2018-12-25 | CVE-2018-20445 | Insufficiently Protected Credentials vulnerability in Dlink Dcm-604 Firmware and Dcm-704 Firmware D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests. | 9.8 |
| 2018-12-21 | CVE-2018-18009 | Use of Hard-coded Credentials vulnerability in Dlink Dir-140L Firmware and Dir-640L Firmware dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials. | 9.8 |
| 2018-12-21 | CVE-2018-18008 | Use of Hard-coded Credentials vulnerability in Dlink products spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials. | 9.8 |
| 2018-12-21 | CVE-2018-18007 | Use of Hard-coded Credentials vulnerability in Dlink Dsl-2770L Firmware Me1.01/Me1.02/Me1.06 atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials. | 9.8 |
| 2018-12-20 | CVE-2018-18767 | Inadequate Encryption Strength vulnerability in multiple products An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. | 7.0 |