Vulnerabilities > Dlink > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-19 | CVE-2019-15655 | Insufficiently Protected Credentials vulnerability in Dlink Dsl-2875Al Firmware 1.00.05 D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. | 7.5 |
| 2020-03-09 | CVE-2016-11021 | OS Command Injection vulnerability in Dlink Dcs-930L Firmware setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter. | 7.2 |
| 2020-03-07 | CVE-2020-10216 | OS Command Injection vulnerability in multiple products An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. | 8.8 |
| 2020-03-07 | CVE-2020-10215 | OS Command Injection vulnerability in multiple products An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. | 8.8 |
| 2020-03-07 | CVE-2020-10214 | Out-of-bounds Write vulnerability in Dlink Dir-825 Firmware 2.10 An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. | 8.8 |
| 2020-03-07 | CVE-2020-10213 | OS Command Injection vulnerability in multiple products An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. | 8.8 |
| 2020-03-05 | CVE-2019-20501 | OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware 4.2.0.15 D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter. | 7.8 |
| 2020-03-05 | CVE-2019-20500 | OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware 4.2.0.15 D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. | 7.8 |
| 2020-03-05 | CVE-2019-20499 | OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware 4.2.0.15 D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter. | 7.8 |
| 2020-03-04 | CVE-2019-19226 | Missing Authentication for Critical Function vulnerability in Dlink Dsl-2680 Firmware 1.03 A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface. | 7.5 |