Vulnerabilities > Dlink > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-09 | CVE-2016-11021 | OS Command Injection vulnerability in Dlink Dcs-930L Firmware setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter. | 9.0 |
| 2020-03-07 | CVE-2020-10216 | OS Command Injection vulnerability in multiple products An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. | 9.0 |
| 2020-03-07 | CVE-2020-10215 | OS Command Injection vulnerability in multiple products An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. | 9.0 |
| 2020-03-07 | CVE-2020-10214 | Out-of-bounds Write vulnerability in Dlink Dir-825 Firmware 2.10 An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. | 9.0 |
| 2020-03-07 | CVE-2020-10213 | OS Command Injection vulnerability in multiple products An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. | 9.0 |
| 2020-02-21 | CVE-2020-6841 | OS Command Injection vulnerability in Dlink Dch-M225 Firmware D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. | 9.8 |
| 2020-02-11 | CVE-2013-5945 | SQL Injection vulnerability in Dlink products Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua. | 10.0 |
| 2020-02-04 | CVE-2013-7055 | Insufficiently Protected Credentials vulnerability in Dlink Dir-100 Firmware 4.03B07 D-Link DIR-100 4.03B07 has PPTP and poe information disclosure | 9.8 |
| 2020-02-04 | CVE-2013-7052 | Insufficiently Protected Credentials vulnerability in Dlink Dir-100 Firmware 4.03B07 D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script | 9.8 |
| 2020-01-29 | CVE-2019-20217 | OS Command Injection vulnerability in Dlink Dir-859 Firmware 1.05/1.06B01 D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. | 9.8 |