Vulnerabilities > Dlink > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-02-10 CVE-2023-24352 Out-of-bounds Write vulnerability in Dlink Dir-605L Firmware 2.13B01
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS.
network
low complexity
dlink CWE-787
critical
 9.8
9.8
2023-01-31 CVE-2022-47035 Classic Buffer Overflow vulnerability in Dlink Dir-825 Firmware 1.33.0.44Ebdd4Embedded
Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.
network
low complexity
dlink CWE-120
critical
 9.8
9.8
2023-01-27 CVE-2022-48107 OS Command Injection vulnerability in Dlink DIR 878 Firmware 1.30B08
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2023-01-27 CVE-2022-48108 OS Command Injection vulnerability in Dlink DIR 878 Firmware 1.30B08
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2023-01-19 CVE-2022-46476 OS Command Injection vulnerability in Dlink Dir-859 A1 Firmware 1.05
D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2023-01-17 CVE-2022-46475 Out-of-bounds Write vulnerability in Dlink Dir-645 Firmware 1.06B01Beta01
D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function.
network
low complexity
dlink CWE-787
critical
 9.8
9.8
2022-12-23 CVE-2022-46641 Command Injection vulnerability in Dlink Dir-846 Firmware 100A43
D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function.
network
low complexity
dlink CWE-77
critical
 9.9
9.9
2022-12-23 CVE-2022-46642 Command Injection vulnerability in Dlink Dir-846 Firmware 100A43
D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function.
network
low complexity
dlink CWE-77
critical
 9.9
9.9
2022-12-14 CVE-2022-44832 Command Injection vulnerability in Dlink Dir-3040 Firmware 120B03
D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.
network
low complexity
dlink CWE-77
critical
 9.8
9.8
2022-12-02 CVE-2022-44930 OS Command Injection vulnerability in Dlink Dhp-W310Av Firmware 3.10Eu
D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.
network
low complexity
dlink CWE-78
critical
 9.8
9.8