Vulnerabilities > Dlink > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-04 | CVE-2013-7051 | Improper Authentication vulnerability in Dlink Dir-100 Firmware 4.03B07 D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters | 8.8 |
| 2020-01-28 | CVE-2013-1602 | Information Exposure vulnerability in Dlink products An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams. | 7.5 |
| 2020-01-25 | CVE-2012-6613 | Unspecified vulnerability in Dlink Dsr-250N Firmware 1.05B73Ww D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account. | 7.2 |
| 2020-01-02 | CVE-2019-20213 | Incorrect Authorization vulnerability in Dlink products D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. | 7.5 |
| 2019-12-27 | CVE-2014-3136 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dwr-113 Firmware 2.02 Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. | 8.8 |
| 2019-12-26 | CVE-2019-16326 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-601 Firmware 2.00Na D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. | 8.8 |
| 2019-12-26 | CVE-2019-6014 | OS Command Injection vulnerability in Dlink Dba-1510P Firmware 1.70B005/1.70B009 DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface. | 8.8 |
| 2019-12-05 | CVE-2019-19598 | Improper Authentication vulnerability in Dlink Dap-1860 Firmware 1.01B06/1.02B01/1.04B01 D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. | 8.8 |
| 2019-12-05 | CVE-2019-19597 | Incorrect Authorization vulnerability in Dlink Dap-1860 Firmware 1.01B06/1.02B01/1.04B01 D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header. | 8.8 |
| 2019-10-25 | CVE-2013-4855 | Path Traversal vulnerability in Dlink Dir-865L Firmware D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. | 8.8 |