Vulnerabilities > Dlink

DATE CVE VULNERABILITY TITLE RISK
2019-01-31 CVE-2018-15516 Server-Side Request Forgery (SSRF) vulnerability in Dlink Central Wifimanager 1.03
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.
network
high complexity
dlink CWE-918
5.8
2019-01-31 CVE-2018-15515 Unspecified vulnerability in Dlink Central Wifimanager 1.03R0098
The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.
local
low complexity
dlink
7.8
2019-01-09 CVE-2018-20675 Improper Authentication vulnerability in Dlink products
D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass.
network
low complexity
dlink CWE-287
critical
9.8
2019-01-09 CVE-2018-20674 Unspecified vulnerability in Dlink products
D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution.
network
low complexity
dlink
8.8
2019-01-02 CVE-2018-20114 OS Command Injection vulnerability in Dlink Dir-818Lw Firmware and Dir-860L Firmware
On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter.
network
low complexity
dlink CWE-78
critical
9.8
2018-12-25 CVE-2018-20445 Insufficiently Protected Credentials vulnerability in Dlink Dcm-604 Firmware and Dcm-704 Firmware
D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests.
network
low complexity
dlink CWE-522
critical
9.8
2018-12-21 CVE-2018-18009 Use of Hard-coded Credentials vulnerability in Dlink Dir-140L Firmware and Dir-640L Firmware
dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials.
network
low complexity
dlink CWE-798
critical
9.8
2018-12-21 CVE-2018-18008 Use of Hard-coded Credentials vulnerability in Dlink products
spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials.
network
low complexity
dlink CWE-798
critical
9.8
2018-12-21 CVE-2018-18007 Use of Hard-coded Credentials vulnerability in Dlink Dsl-2770L Firmware Me1.01/Me1.02/Me1.06
atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials.
network
low complexity
dlink CWE-798
critical
9.8
2018-12-20 CVE-2018-18767 Inadequate Encryption Strength vulnerability in multiple products
An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06.
local
high complexity
dlink d-link CWE-326
7.0