Vulnerabilities > Dlink > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-03-13 CVE-2023-24762 OS Command Injection vulnerability in Dlink Dir-867 Firmware 1.30B07
OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2023-02-10 CVE-2023-24348 Out-of-bounds Write vulnerability in Dlink Dir-605L Firmware 2.13B01
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter.
network
low complexity
dlink CWE-787
critical
 9.8
9.8
2023-02-10 CVE-2023-24349 Out-of-bounds Write vulnerability in Dlink Dir-605L Firmware 2.13B01
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute.
network
low complexity
dlink CWE-787
critical
 9.8
9.8
2023-02-10 CVE-2023-24350 Out-of-bounds Write vulnerability in Dlink Dir-605L Firmware 2.13B01
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail.
network
low complexity
dlink CWE-787
critical
 9.8
9.8
2023-02-10 CVE-2023-24351 Out-of-bounds Write vulnerability in Dlink Dir-605L Firmware 2.13B01
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin.
network
low complexity
dlink CWE-787
critical
 9.8
9.8
2023-02-10 CVE-2023-24352 Out-of-bounds Write vulnerability in Dlink Dir-605L Firmware 2.13B01
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS.
network
low complexity
dlink CWE-787
critical
 9.8
9.8
2023-01-31 CVE-2022-47035 Classic Buffer Overflow vulnerability in Dlink Dir-825 Firmware 1.33.0.44Ebdd4Embedded
Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.
network
low complexity
dlink CWE-120
critical
 9.8
9.8
2023-01-27 CVE-2022-48107 OS Command Injection vulnerability in Dlink DIR 878 Firmware 1.30B08
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2023-01-27 CVE-2022-48108 OS Command Injection vulnerability in Dlink DIR 878 Firmware 1.30B08
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2023-01-19 CVE-2022-46476 OS Command Injection vulnerability in Dlink Dir-859 A1 Firmware 1.05
D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function.
network
low complexity
dlink CWE-78
critical
 9.8
9.8