Vulnerabilities > Dlink > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-02 | CVE-2020-25078 | Unspecified vulnerability in Dlink Dcs-2530L Firmware and Dcs-2670L Firmware An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. | 7.5 |
| 2020-07-23 | CVE-2020-15632 | Unspecified vulnerability in Dlink Dir-842 Firmware This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. low complexity dlink | 8.8 |
| 2020-07-23 | CVE-2020-15631 | Unspecified vulnerability in Dlink Dap-1860 Firmware This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. low complexity dlink | 8.0 |
| 2020-07-22 | CVE-2020-15896 | Improper Authentication vulnerability in Dlink Dap-1522 Firmware 1.41/1.42 An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. | 7.5 |
| 2020-07-22 | CVE-2020-15894 | Missing Authentication for Critical Function vulnerability in Dlink Dir-816L Firmware 2.06/2.06.B09 An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. | 7.5 |
| 2020-07-09 | CVE-2020-9377 | OS Command Injection vulnerability in Dlink Dir-610 Firmware D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. | 8.8 |
| 2020-07-09 | CVE-2020-9376 | Injection vulnerability in Dlink Dir-610 Firmware D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. | 7.5 |
| 2020-06-15 | CVE-2020-13150 | Missing Authentication for Critical Function vulnerability in Dlink Dsl-2750U Firmware Me1.03 D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. | 7.8 |
| 2020-06-08 | CVE-2020-13960 | Unspecified vulnerability in Dlink Dir-600M Firmware and Dsl-2730U Firmware D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name. | 7.5 |
| 2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |