Vulnerabilities > Dlink > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-29 | CVE-2018-12710 | Cleartext Transmission of Sensitive Information vulnerability in Dlink Dir-601 Firmware 2.02Na An issue was discovered on D-Link DIR-601 2.02NA devices. | 8.0 |
| 2018-08-24 | CVE-2017-11564 | Out-of-bounds Write vulnerability in Dlink Eyeon Baby Monitor Firmware 1.08.1 The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. | 8.8 |
| 2018-05-10 | CVE-2018-10957 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-868L Firmware 1.12 CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. | 8.8 |
| 2018-05-04 | CVE-2018-10641 | Improper Authentication vulnerability in Dlink Dir-601 Firmware 1.02Na D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext. | 8.1 |
| 2018-05-01 | CVE-2017-17020 | OS Command Injection vulnerability in Dlink products On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system. | 8.8 |
| 2018-04-12 | CVE-2015-0153 | Key Management Errors vulnerability in Dlink Dir-815 Firmware D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key. | 7.5 |
| 2018-04-12 | CVE-2015-0151 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-815 Firmware Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
| 2018-03-30 | CVE-2018-5708 | Insufficiently Protected Credentials vulnerability in Dlink Dir-601 Firmware 2.02Na An issue was discovered on D-Link DIR-601 B1 2.02NA devices. | 8.0 |
| 2017-12-16 | CVE-2017-3193 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dlink Dir-850L Firmware 1.14B07/2.07.B05 Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. | 8.8 |
| 2017-11-30 | CVE-2017-17065 | Improper Input Validation vulnerability in Dlink Dir-605L Model B Firmware An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. | 7.5 |