Vulnerabilities > Dlink > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-07-22 CVE-2020-15893 OS Command Injection vulnerability in Dlink Dir-816L Firmware 2.06/2.06.B09
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02.
network
low complexity
dlink CWE-78
critical
9.8
2020-07-22 CVE-2020-15892 Incorrect Resource Transfer Between Spheres vulnerability in Dlink Dap-1520 Firmware 1.0.8/1.10B04
An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02.
network
low complexity
dlink CWE-669
critical
9.8
2020-05-15 CVE-2019-18666 Missing Authentication for Critical Function vulnerability in Dlink Dap-1360 Revision F Firmware 6.12B01
An issue was discovered on D-Link DAP-1360 revision F devices.
network
low complexity
dlink CWE-306
critical
9.8
2020-04-20 CVE-2020-9279 Use of Hard-coded Credentials vulnerability in Dlink Dsl-2640B Firmware Eu4.01B
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices.
network
low complexity
dlink CWE-798
critical
9.8
2020-04-20 CVE-2020-9278 Missing Authentication for Critical Function vulnerability in Dlink Dsl-2640B Firmware Eu4.01B
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices.
network
low complexity
dlink CWE-306
critical
9.1
2020-04-20 CVE-2020-9277 Improper Authentication vulnerability in Dlink Dsl-2640B Firmware Eu4.01B
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices.
network
low complexity
dlink CWE-287
critical
9.8
2020-04-20 CVE-2020-9275 Missing Authentication for Critical Function vulnerability in Dlink Dsl-2640B Firmware Eu4.01B
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices.
network
low complexity
dlink CWE-306
critical
9.8
2020-03-21 CVE-2019-12767 OS Command Injection vulnerability in Dlink Dap-1650 Firmware
An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix.
network
low complexity
dlink CWE-78
critical
9.8
2020-02-21 CVE-2020-6841 OS Command Injection vulnerability in Dlink Dch-M225 Firmware 1.05B01
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter.
network
low complexity
dlink CWE-78
critical
9.8
2020-02-13 CVE-2020-8962 Out-of-bounds Write vulnerability in Dlink Dir-842 Firmware 3.13B09
A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint.
network
low complexity
dlink CWE-787
critical
9.8