Vulnerabilities > Dlink > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-05-13 CVE-2018-19989 OS Command Injection vulnerability in multiple products
In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices.
network
low complexity
d-link dlink CWE-78
critical
 9.8
9.8
2019-05-13 CVE-2018-19987 OS Command Injection vulnerability in multiple products
D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode.
network
low complexity
d-link dlink CWE-78
critical
 9.8
9.8
2019-04-11 CVE-2018-19300 Improper Input Validation vulnerability in multiple products
On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory.
network
low complexity
d-link dlink CWE-20
critical
 9.8
9.8
2019-03-25 CVE-2019-10041 Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request.
network
low complexity
dlink CWE-306
critical
 9.8
9.8
2019-03-25 CVE-2019-10040 Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request.
network
low complexity
dlink CWE-306
critical
 9.8
9.8
2019-03-25 CVE-2019-10039 Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request.
network
low complexity
dlink CWE-306
critical
 9.8
9.8
2019-02-25 CVE-2019-9123 Weak Password Requirements vulnerability in Dlink Dir-825 Rev.B Firmware 2.10
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices.
network
low complexity
dlink CWE-521
critical
 9.8
9.8
2019-02-11 CVE-2019-7736 Forced Browsing vulnerability in Dlink Dir-600M Firmware 3.04
D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page.
network
low complexity
dlink CWE-425
critical
 9.8
9.8
2019-01-09 CVE-2018-20675 Improper Authentication vulnerability in Dlink products
D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass.
network
low complexity
dlink CWE-287
critical
 9.8
9.8
2019-01-02 CVE-2018-20114 OS Command Injection vulnerability in Dlink Dir-818Lw Firmware and Dir-860L Firmware
On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter.
network
low complexity
dlink CWE-78
critical
 9.8
9.8