Vulnerabilities > Dlink > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-08-24 CVE-2021-39509 Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb05R1B011D88210
An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function.
network
low complexity
dlink CWE-77
critical
9.8
2021-08-24 CVE-2021-39510 Command Injection vulnerability in Dlink Dir-816 Firmware 101Cnb04
An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function.
network
low complexity
dlink CWE-77
critical
9.8
2021-08-23 CVE-2021-39613 Use of Hard-coded Credentials vulnerability in Dlink Dvg-3104Ms Firmware 1.0.2.0.3/1.0.2.0.4/1.0.2.0.4E
D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.
network
low complexity
dlink CWE-798
critical
9.8
2021-08-23 CVE-2021-39614 Use of Hard-coded Credentials vulnerability in Dlink Dvx-2000Ms Firmware
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.
network
low complexity
dlink CWE-798
critical
9.8
2021-08-23 CVE-2021-39615 Use of Hard-coded Credentials vulnerability in Dlink Dsr-500N Firmware 1.02
D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device.
network
low complexity
dlink CWE-798
critical
9.8
2021-08-06 CVE-2021-37388 Classic Buffer Overflow vulnerability in Dlink Dir-615 Firmware 3.03Ww
A buffer overflow in D-Link DIR-615 C2 3.03WW.
network
low complexity
dlink CWE-120
critical
9.8
2021-07-16 CVE-2021-21820 Use of Hard-coded Credentials vulnerability in Dlink Dir-3040 Firmware 1.13B03
A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03.
network
low complexity
dlink CWE-798
critical
9.8
2021-06-24 CVE-2021-33346 Missing Authentication for Critical Function vulnerability in Dlink Dsl-2888A Firmware
There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product.
network
low complexity
dlink CWE-306
critical
9.8
2021-04-26 CVE-2021-20697 Missing Authentication for Critical Function vulnerability in Dlink Dap-1880Ac Firmware 1.21
Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors.
network
low complexity
dlink CWE-306
critical
9.8
2021-04-14 CVE-2021-27114 Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10B05
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices.
network
low complexity
dlink CWE-787
critical
9.8