Vulnerabilities > Dlink > High

DATE CVE VULNERABILITY TITLE RISK
2017-09-13 CVE-2017-14424 Incorrect Default Permissions vulnerability in Dlink Dir-850L Firmware
D-Link DIR-850L REV.
local
low complexity
dlink CWE-276
7.8
7.8
2017-09-13 CVE-2017-14423 Improper Restriction of Excessive Authentication Attempts vulnerability in Dlink Dir-850L Firmware
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV.
network
low complexity
dlink CWE-307
7.5
7.5
2017-09-13 CVE-2017-14422 Use of Hard-coded Credentials vulnerability in Dlink Dir-850L Firmware
D-Link DIR-850L REV.
network
low complexity
dlink CWE-798
7.5
7.5
2017-09-13 CVE-2017-14418 Insufficiently Protected Credentials vulnerability in Dlink Dir-850L Firmware
The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV.
network
high complexity
dlink CWE-522
8.1
8.1
2017-07-07 CVE-2017-7404 Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-615 20.12Ptb01
On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF).
network
low complexity
dlink CWE-352
8.8
8.8
2017-06-15 CVE-2017-9675 Improper Input Validation vulnerability in Dlink Dir-605L Firmware 2.08B01
On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot.
network
low complexity
dlink CWE-20
7.5
7.5
2017-05-21 CVE-2017-9100 Improper Authentication vulnerability in Dlink Dir-600M Firmware 3.04
login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.
low complexity
dlink CWE-287
8.8
8.8
2017-04-24 CVE-2017-7852 Cross-Site Request Forgery (CSRF) vulnerability in Dlink products
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack.
network
low complexity
dlink CWE-352
8.8
8.8
2017-04-10 CVE-2017-6190 Path Traversal vulnerability in Dlink Dwr-116 Firmware V1.00(Cp)B10/V1.01(Eu)/V1.05(Au)
Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a ..
network
low complexity
dlink CWE-22
7.5
7.5
2017-03-06 CVE-2017-6411 Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dsl-2730U Firmware In1.00
Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password.
network
low complexity
dlink CWE-352
8.8
8.8