Vulnerabilities > Dlink > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-21 | CVE-2020-6842 | OS Command Injection vulnerability in Dlink Dch-M225 Firmware 1.05B01 D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. | 7.2 |
| 2020-02-19 | CVE-2012-6614 | Missing Authorization vulnerability in Dlink Dsr-250N Firmware D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. | 7.2 |
| 2020-02-04 | CVE-2013-7053 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-100 Firmware 4.03B07 D-Link DIR-100 4.03B07: cli.cgi CSRF | 8.8 |
| 2020-02-04 | CVE-2013-7051 | Improper Authentication vulnerability in Dlink Dir-100 Firmware 4.03B07 D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters | 8.8 |
| 2020-01-28 | CVE-2013-1602 | Information Exposure vulnerability in Dlink products An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams. | 7.5 |
| 2020-01-25 | CVE-2012-6613 | Unspecified vulnerability in Dlink Dsr-250N Firmware 1.05B73Ww D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account. | 7.2 |
| 2020-01-02 | CVE-2019-20213 | Incorrect Authorization vulnerability in Dlink products D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. | 7.5 |
| 2019-12-27 | CVE-2014-3136 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dwr-113 Firmware 2.02 Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. | 8.8 |
| 2019-12-26 | CVE-2019-16326 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-601 Firmware 2.00Na D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. | 8.8 |
| 2019-12-26 | CVE-2019-6014 | OS Command Injection vulnerability in Dlink Dba-1510P Firmware 1.70B005/1.70B009 DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface. | 8.8 |