Vulnerabilities > Dlink > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-05 | CVE-2019-20499 | OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter. | 7.8 |
| 2020-03-04 | CVE-2019-19226 | Missing Authentication for Critical Function vulnerability in Dlink Dsl-2680 Firmware 1.03 A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface. | 7.5 |
| 2020-03-04 | CVE-2019-19225 | Missing Authentication for Critical Function vulnerability in Dlink Dsl-2680 Firmware 1.03 A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request. | 7.5 |
| 2020-03-04 | CVE-2019-19224 | Missing Authentication for Critical Function vulnerability in Dlink Dsl-2680 Firmware 1.03 A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface. | 7.5 |
| 2020-03-04 | CVE-2019-19223 | HTTP Request Smuggling vulnerability in Dlink Dsl-2680 Firmware 1.03 A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface. | 7.5 |
| 2020-03-02 | CVE-2020-9535 | Out-of-bounds Write vulnerability in Dlink Dir-615Jx10 Firmware fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup_Wizard webpage parameter when f_radius_ip1 is malformed. | 8.8 |
| 2020-03-02 | CVE-2020-9534 | Out-of-bounds Write vulnerability in Dlink Dir-615Jx10 Firmware fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup webpage parameter when f_radius_ip1 is malformed. | 8.8 |
| 2020-02-22 | CVE-2020-8862 | Improper Authentication vulnerability in Dlink Dap-2610 Firmware This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. | 8.3 |
| 2020-02-22 | CVE-2020-8861 | Improper Authentication vulnerability in Dlink Dap-1330 Firmware 1.00.B21/1.10B01 This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. | 8.3 |
| 2020-02-21 | CVE-2020-6842 | OS Command Injection vulnerability in Dlink Dch-M225 Firmware D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. | 7.2 |