Vulnerabilities > Dlink > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-25 | CVE-2013-4857 | XML Injection (aka Blind XPath Injection) vulnerability in Dlink Dir-865L Firmware D-Link DIR-865L has PHP File Inclusion in the router xml file. | 9.8 |
| 2019-10-16 | CVE-2019-17512 | Missing Authentication for Critical Function vulnerability in Dlink Dir-412 Firmware A11.14Ww There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. | 9.1 |
| 2019-10-14 | CVE-2017-14948 | Classic Buffer Overflow vulnerability in Dlink products Certain D-Link products are affected by: Buffer Overflow. | 9.8 |
| 2019-10-11 | CVE-2019-17510 | OS Command Injection vulnerability in Dlink Dir-846 Firmware 100A35 D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php. | 9.8 |
| 2019-10-11 | CVE-2019-17509 | OS Command Injection vulnerability in Dlink Dir-846 Firmware 100A35 D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php. | 9.8 |
| 2019-10-11 | CVE-2019-17508 | OS Command Injection vulnerability in Dlink Dir-850L a Firmware and Dir-859 A3 Firmware On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable. | 9.8 |
| 2019-10-11 | CVE-2019-17506 | Missing Authentication for Critical Function vulnerability in Dlink Dir-817Lw A1 Firmware and Dir-868L B1 Firmware There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. | 9.8 |
| 2019-09-27 | CVE-2019-16920 | OS Command Injection vulnerability in Dlink products Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. | 9.8 |
| 2019-09-16 | CVE-2019-16057 | OS Command Injection vulnerability in Dlink Dns-320 Firmware The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. | 9.8 |
| 2019-09-09 | CVE-2019-16190 | Improper Authentication vulnerability in Dlink products SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php. | 9.8 |