Vulnerabilities > Dlink > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |
2020-05-18 | CVE-2020-13136 | Unspecified vulnerability in Dlink Dsp-W215 Firmware 1.26B03 D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. | 7.5 |
2020-04-20 | CVE-2020-9277 | Improper Authentication vulnerability in Dlink Dsl-2640B Firmware Eu4.01B An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. | 7.5 |
2020-03-23 | CVE-2020-8864 | Incorrect Comparison vulnerability in Dlink products This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. | 8.3 |
2020-03-23 | CVE-2020-8863 | Improper Authentication vulnerability in Dlink products This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. | 8.3 |
2020-03-21 | CVE-2019-12767 | OS Command Injection vulnerability in Dlink Dap-1650 Firmware An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. | 7.5 |
2020-03-19 | CVE-2019-15656 | Insufficiently Protected Credentials vulnerability in Dlink Dsl-2875Al Firmware and Dsl-2877Al Firmware D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables. | 7.5 |
2020-03-19 | CVE-2019-15655 | Insufficiently Protected Credentials vulnerability in Dlink Dsl-2875Al Firmware 1.00.05 D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. | 7.5 |
2020-03-05 | CVE-2019-20501 | OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter. | 7.8 |
2020-03-05 | CVE-2019-20500 | OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. | 7.8 |