Vulnerabilities > Dlink > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-05-02 CVE-2022-28573 OS Command Injection vulnerability in Dlink Dir-823 PRO Firmware 1.0.2
D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2022-05-02 CVE-2022-28571 OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06
D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2022-04-27 CVE-2021-46441 OS Command Injection vulnerability in Dlink Dir-825 Firmware
In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization.
network
low complexity
dlink CWE-78
critical
 9.0
9.0
2022-03-28 CVE-2022-26258 OS Command Injection vulnerability in Dlink Dir-820L Firmware 1.05
D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2022-03-27 CVE-2021-44127 Unspecified vulnerability in Dlink Dap-1360F1 Firmware
In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized.
network
low complexity
dlink
critical
 10.0
10
2022-03-24 CVE-2021-31326 Improper Authentication vulnerability in Dlink Dir-816 Firmware 1.10Cnb05
D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi.
network
low complexity
dlink CWE-287
critical
 9.0
9.0
2022-02-17 CVE-2021-46315 OS Command Injection vulnerability in Dlink Dir-846 Firmware 100A43/100A53Dla
Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin.
network
low complexity
dlink CWE-78
critical
 10.0
10
2022-02-17 CVE-2021-46319 OS Command Injection vulnerability in Dlink Dir-846 Firmware 100A43/100A53Dla
Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin.
network
low complexity
dlink CWE-78
critical
 10.0
10
2022-02-17 CVE-2021-45382 OS Command Injection vulnerability in Dlink products
A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2022-02-04 CVE-2021-44880 Command Injection vulnerability in Dlink Dir-878 Firmware and Dir-882 Firmware
D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function.
network
low complexity
dlink CWE-77
critical
 10.0
10