Vulnerabilities > Dlink > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-07-22 CVE-2020-15892 Incorrect Resource Transfer Between Spheres vulnerability in Dlink Dap-1520 Firmware 1.0.8/1.10B04
An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02.
network
low complexity
dlink CWE-669
critical
 9.8
9.8
2020-05-15 CVE-2019-18666 Missing Authentication for Critical Function vulnerability in Dlink Dap-1360 Revision F Firmware 6.12B01
An issue was discovered on D-Link DAP-1360 revision F devices.
network
low complexity
dlink CWE-306
critical
 9.8
9.8
2020-04-20 CVE-2020-9279 Use of Hard-coded Credentials vulnerability in Dlink Dsl-2640B Firmware Eu4.01B
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices.
network
low complexity
dlink CWE-798
critical
 9.8
9.8
2020-04-20 CVE-2020-9278 Missing Authentication for Critical Function vulnerability in Dlink Dsl-2640B Firmware Eu4.01B
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices.
network
low complexity
dlink CWE-306
critical
 9.1
9.1
2020-04-20 CVE-2020-9277 Improper Authentication vulnerability in Dlink Dsl-2640B Firmware Eu4.01B
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices.
network
low complexity
dlink CWE-287
critical
 9.8
9.8
2020-04-20 CVE-2020-9275 Missing Authentication for Critical Function vulnerability in Dlink Dsl-2640B Firmware Eu4.01B
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices.
network
low complexity
dlink CWE-306
critical
 9.8
9.8
2020-03-21 CVE-2019-12767 OS Command Injection vulnerability in Dlink Dap-1650 Firmware
An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2020-02-21 CVE-2020-6841 OS Command Injection vulnerability in Dlink Dch-M225 Firmware 1.05B01
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2020-02-13 CVE-2020-8962 Out-of-bounds Write vulnerability in Dlink Dir-842 Firmware 3.13B09
A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint.
network
low complexity
dlink CWE-787
critical
 9.8
9.8
2020-02-11 CVE-2013-5945 SQL Injection vulnerability in Dlink products
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.
network
low complexity
dlink CWE-89
critical
 9.8
9.8