Vulnerabilities > Dlink > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-08-23 CVE-2019-15526 OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05.
network
low complexity
dlink CWE-78
critical
 9.0
9.0
2019-07-23 CVE-2019-1010155 Unspecified vulnerability in Dlink Dsl-2750U Firmware 1.11
D-Link DSL-2750U 1.11 is affected by: Authentication Bypass.
network
low complexity
dlink
critical
 9.1
9.1
2019-07-11 CVE-2019-13561 OS Command Injection vulnerability in Dlink Dir-655 Firmware 3.02B05
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter.
network
low complexity
dlink CWE-78
critical
 10.0
10
2019-07-10 CVE-2019-13482 OS Command Injection vulnerability in Dlink Dir-818Lw Firmware 2.06
An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01.
network
low complexity
dlink CWE-78
critical
 9.0
9.0
2019-07-10 CVE-2019-13481 OS Command Injection vulnerability in Dlink Dir-818Lw Firmware 2.06
An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01.
network
low complexity
dlink CWE-78
critical
 9.0
9.0
2019-07-06 CVE-2019-13375 SQL Injection vulnerability in Dlink Central Wifimanager 1.03
A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode.
network
low complexity
dlink CWE-89
critical
 9.8
9.8
2019-07-06 CVE-2019-13373 SQL Injection vulnerability in Dlink Central Wifimanager 1.03
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6.
network
low complexity
dlink CWE-89
critical
 9.8
9.8
2019-07-06 CVE-2019-13372 Code Injection vulnerability in Dlink Central Wifimanager
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
network
low complexity
dlink CWE-94
critical
 9.8
9.8
2019-07-02 CVE-2017-8415 Use of Hard-coded Credentials vulnerability in Dlink Dcs-1100 Firmware and Dcs-1130 Firmware
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices.
network
low complexity
dlink CWE-798
critical
 10.0
10
2019-07-02 CVE-2017-8410 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dlink Dcs-1100 Firmware and Dcs-1130 Firmware
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices.
network
low complexity
dlink CWE-119
critical
 10.0
10