Vulnerabilities > Dlink > High

DATE CVE VULNERABILITY TITLE RISK
2021-01-19 CVE-2021-3182 Out-of-bounds Write vulnerability in Dlink Dcs-5220 Firmware
D-Link DCS-5220 devices have a buffer overflow.
low complexity
dlink CWE-787
8.0
8.0
2021-01-08 CVE-2020-24577 Cleartext Storage of Sensitive Information vulnerability in Dlink Dsl-2888A Firmware 2.30Au
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55.
network
low complexity
dlink CWE-312
7.5
7.5
2020-12-22 CVE-2020-24581 OS Command Injection vulnerability in Dlink Dsl2888A Firmware
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55.
low complexity
dlink CWE-78
8.0
8.0
2020-12-22 CVE-2020-24580 Missing Authentication for Critical Function vulnerability in Dlink Dsl2888A Firmware
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55.
high complexity
dlink CWE-306
7.5
7.5
2020-12-22 CVE-2020-24579 Improper Authentication vulnerability in Dlink Dsl2888A Firmware
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55.
low complexity
dlink CWE-287
8.8
8.8
2020-12-15 CVE-2020-25759 OS Command Injection vulnerability in Dlink products
An issue was discovered on D-Link DSR-250 3.17 devices.
network
low complexity
dlink CWE-78
8.8
8.8
2020-12-15 CVE-2020-25758 Improper Validation of Integrity Check Value vulnerability in Dlink products
An issue was discovered on D-Link DSR-250 3.17 devices.
network
low complexity
dlink CWE-354
8.8
8.8
2020-12-15 CVE-2020-25757 OS Command Injection vulnerability in Dlink products
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges.
low complexity
dlink CWE-78
8.8
8.8
2020-10-06 CVE-2020-26582 OS Command Injection vulnerability in Dlink Dap-1360U Firmware
D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18).
network
low complexity
dlink CWE-78
8.8
8.8
2020-09-02 CVE-2020-25079 Command Injection vulnerability in Dlink Dcs-2530L Firmware and Dcs-2670L Firmware
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices.
network
low complexity
dlink CWE-77
8.8
8.8