Vulnerabilities > Dlink > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-10 | CVE-2022-27295 | Out-of-bounds Write vulnerability in Dlink Dir-619 Firmware 1.00 D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup. | 7.5 |
| 2022-04-07 | CVE-2022-26670 | OS Command Injection vulnerability in Dlink Dir-878 Firmware D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. | 8.8 |
| 2022-03-04 | CVE-2021-46381 | Path Traversal vulnerability in Dlink Dap-1620 Firmware Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. | 7.5 |
| 2022-03-04 | CVE-2021-46378 | Forced Browsing vulnerability in Dlink Dir-850L Firmware 1.08Trb03 DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. | 7.5 |
| 2022-02-09 | CVE-2021-41442 | HTTP Request Smuggling vulnerability in Dlink Dir-X1860 Firmware 1.03 An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. | 7.5 |
| 2022-02-09 | CVE-2021-41441 | Improper Resource Shutdown or Release vulnerability in Dlink Dir-X1860 Firmware 1.03 A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. | 7.4 |
| 2021-12-30 | CVE-2021-20132 | Use of Hard-coded Credentials vulnerability in Dlink Dir-2640-Us Firmware 1.01/1.01B04/1.11B02 Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. | 8.8 |
| 2021-12-30 | CVE-2021-20134 | Path Traversal vulnerability in Dlink Dir-2640-Us Firmware 1.01/1.01B04/1.11B02 Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service (zebra or ripd). | 8.4 |
| 2021-10-25 | CVE-2021-34861 | Unspecified vulnerability in Dlink Dap-2020 Firmware 1.01 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. low complexity dlink | 8.8 |
| 2021-10-25 | CVE-2021-34862 | Unspecified vulnerability in Dlink Dap-2020 Firmware 1.01 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. low complexity dlink | 8.8 |