High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-08	CVE-2020-12695	Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. network high complexity ui w1-fi asus broadcom canon cisco dlink dell epson hp huawei nec netgear ruckussecurity tp-link zte zyxel microsoft fedoraproject debian canonical CWE-276	7.5
2020-05-18	CVE-2020-13136	Unspecified vulnerability in Dlink Dsp-W215 Firmware 1.26B03 D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. network low complexity dlink	7.5
2020-04-20	CVE-2020-9277	Improper Authentication vulnerability in Dlink Dsl-2640B Firmware Eu4.01B An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. network low complexity dlink CWE-287	7.5
2020-03-23	CVE-2020-8864	Incorrect Comparison vulnerability in Dlink products This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. low complexity dlink CWE-697	8.3
2020-03-23	CVE-2020-8863	Improper Authentication vulnerability in Dlink products This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. low complexity dlink CWE-287	8.3
2020-03-21	CVE-2019-12767	OS Command Injection vulnerability in Dlink Dap-1650 Firmware An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. network low complexity dlink CWE-78	7.5
2020-03-19	CVE-2019-15656	Insufficiently Protected Credentials vulnerability in Dlink Dsl-2875Al Firmware and Dsl-2877Al Firmware D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables. network low complexity dlink CWE-522	7.5
2020-03-19	CVE-2019-15655	Insufficiently Protected Credentials vulnerability in Dlink Dsl-2875Al Firmware 1.00.05 D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. network low complexity dlink CWE-522	7.5
2020-03-05	CVE-2019-20501	OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter. local low complexity dlink CWE-78	7.8
2020-03-05	CVE-2019-20500	OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. local low complexity dlink CWE-78	7.8