Vulnerabilities > Dlink > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-13 | CVE-2016-6563 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dlink products Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. | 10.0 |
| 2018-06-19 | CVE-2018-6210 | Use of Hard-coded Credentials vulnerability in Dlink Dir-620 Firmware 1.0.37 D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session. | 10.0 |
| 2018-05-23 | CVE-2018-8898 | Improper Authentication vulnerability in Dlink Dsl-3782 Firmware 3.10.0.24 A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel. | 9.8 |
| 2018-04-16 | CVE-2018-10106 | Information Exposure vulnerability in Dlink Dir-815 Firmware D-Link DIR-815 REV. | 9.8 |
| 2018-04-12 | CVE-2015-0152 | Information Exposure vulnerability in Dlink Dir-815 Firmware D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password. | 9.8 |
| 2018-04-12 | CVE-2015-0150 | Improper Access Control vulnerability in Dlink Dir-815 Firmware The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors. | 9.8 |
| 2018-04-12 | CVE-2014-8888 | Command Injection vulnerability in Dlink Dir-815 Firmware 2.03.B02 The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue." | 9.8 |
| 2018-04-04 | CVE-2018-9284 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dlink Singapore Starhub Firmware authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code. | 9.8 |
| 2018-03-06 | CVE-2018-6530 | OS Command Injection vulnerability in Dlink products OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. | 9.8 |
| 2017-10-26 | CVE-2017-15909 | Use of Hard-coded Credentials vulnerability in Dlink Dgs-1500 Firmware 2.10.002/2.50.008/2.51.005 D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access. | 9.8 |