Vulnerabilities > Dlink > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-07-31 CVE-2023-36092 Incorrect Authorization vulnerability in Dlink Dir-859 Firmware 1.05B03
Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main.
network
low complexity
dlink CWE-863
critical
 9.8
9.8
2023-07-17 CVE-2023-37791 Out-of-bounds Write vulnerability in Dlink Dir-619L Firmware 2.04
D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow via the curTime parameter at /goform/formLogin.
network
low complexity
dlink CWE-787
critical
 9.8
9.8
2023-06-29 CVE-2023-26612 Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.02B05
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo.
network
low complexity
dlink CWE-120
critical
 9.8
9.8
2023-06-29 CVE-2023-26613 OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B05
An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2023-06-29 CVE-2023-26616 Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.02B05
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo.
network
low complexity
dlink CWE-120
critical
 9.8
9.8
2023-06-28 CVE-2023-32222 Improper Authentication vulnerability in Dlink Dsl-G256Dg Firmware Bz1.00.27
D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method.
network
low complexity
dlink CWE-287
critical
 9.8
9.8
2023-06-28 CVE-2023-32224 Improper Restriction of Excessive Authentication Attempts vulnerability in Dlink Dsl-224 Firmware 3.0.10
D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts
network
low complexity
dlink CWE-307
critical
 9.8
9.8
2023-06-15 CVE-2023-34800 OS Command Injection vulnerability in Dlink Go-Rt-Ac750 Firmware Reva1.01B03
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2023-06-12 CVE-2023-33625 Command Injection vulnerability in Dlink Dir-600 Firmware 2.18
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function.
network
low complexity
dlink CWE-77
critical
 9.8
9.8
2023-06-12 CVE-2023-33626 Out-of-bounds Write vulnerability in Dlink Dir-600 Firmware 2.18
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary.
network
low complexity
dlink CWE-787
critical
 9.8
9.8