Vulnerabilities > Dlink > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-04 | CVE-2013-7055 | Insufficiently Protected Credentials vulnerability in Dlink Dir-100 Firmware 4.03B07 D-Link DIR-100 4.03B07 has PPTP and poe information disclosure | 9.8 |
| 2020-02-04 | CVE-2013-7052 | Insufficiently Protected Credentials vulnerability in Dlink Dir-100 Firmware 4.03B07 D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script | 9.8 |
| 2020-01-29 | CVE-2019-20217 | OS Command Injection vulnerability in Dlink Dir-859 Firmware 1.05/1.06B01 D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. | 9.8 |
| 2020-01-29 | CVE-2019-20216 | OS Command Injection vulnerability in Dlink Dir-859 Firmware 1.05/1.06B01 D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. | 9.8 |
| 2020-01-29 | CVE-2019-20215 | OS Command Injection vulnerability in Dlink Dir-859 Firmware 1.05/1.06B01 D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. | 9.8 |
| 2020-01-28 | CVE-2013-1599 | OS Command Injection vulnerability in Dlink products A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface. | 9.8 |
| 2020-01-07 | CVE-2019-17146 | Missing Authentication for Critical Function vulnerability in Dlink Dcs-935L Firmware and Dcs-960L Firmware This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. | 9.8 |
| 2019-12-30 | CVE-2019-17621 | OS Command Injection vulnerability in Dlink products The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. | 9.8 |
| 2019-12-26 | CVE-2019-16327 | Improper Authentication vulnerability in Dlink Dir-601 Firmware 2.00Na D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. | 9.8 |
| 2019-11-11 | CVE-2019-18852 | Cleartext Transmission of Sensitive Information vulnerability in Dlink products Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. | 9.8 |