Vulnerabilities > Dlink > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-11 | CVE-2019-13561 | OS Command Injection vulnerability in Dlink Dir-655 Firmware 3.02B05 D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter. | 9.8 |
| 2019-07-11 | CVE-2019-13560 | Credentials Management vulnerability in Dlink Dir-655 Firmware 3.02B05 D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. | 9.8 |
| 2019-07-06 | CVE-2019-13375 | SQL Injection vulnerability in Dlink Central Wifimanager 1.03 A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. | 9.8 |
| 2019-07-06 | CVE-2019-13373 | SQL Injection vulnerability in Dlink Central Wifimanager 1.03 An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. | 9.8 |
| 2019-07-06 | CVE-2019-13372 | Code Injection vulnerability in Dlink Central Wifimanager /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. | 9.8 |
| 2019-07-02 | CVE-2017-8415 | Use of Hard-coded Credentials vulnerability in Dlink Dcs-1100 Firmware and Dcs-1130 Firmware An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. | 9.8 |
| 2019-07-02 | CVE-2017-8410 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dlink Dcs-1100 Firmware and Dcs-1130 Firmware An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. | 9.8 |
| 2019-07-02 | CVE-2017-8404 | Command Injection vulnerability in Dlink Dcs-1130 Firmware An issue was discovered on D-Link DCS-1130 devices. | 9.8 |
| 2019-07-02 | CVE-2017-8408 | Command Injection vulnerability in Dlink Dcs-1130 Firmware An issue was discovered on D-Link DCS-1130 devices. | 9.8 |
| 2019-06-11 | CVE-2013-7471 | Command Injection vulnerability in Dlink products An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. | 9.8 |