Vulnerabilities > Dlink > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-30521 Out-of-bounds Write vulnerability in Dlink Dir-890L Firmware 1.05/1.07B09
The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions.
network
low complexity
dlink CWE-787
critical
 9.8
9.8
2022-05-23 CVE-2022-28932 Incorrect Default Permissions vulnerability in Dlink Dsl-G2452Dg Firmware
D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.
network
low complexity
dlink CWE-276
critical
 9.8
9.8
2022-05-18 CVE-2022-28956 Unspecified vulnerability in Dlink Dir-816L Firmware 206B01
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.
network
low complexity
dlink
critical
 9.8
9.8
2022-05-10 CVE-2022-28895 OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2022-05-10 CVE-2022-28896 OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2022-05-10 CVE-2022-28901 OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2022-05-10 CVE-2022-28915 OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb04
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2022-05-10 CVE-2022-29321 Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan.
network
low complexity
dlink CWE-787
critical
 9.8
9.8
2022-05-10 CVE-2022-29322 Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip.
network
low complexity
dlink CWE-787
critical
 9.8
9.8
2022-05-10 CVE-2022-29323 Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment.
network
low complexity
dlink CWE-787
critical
 9.8
9.8