Vulnerabilities > Dlink > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-20 CVE-2022-46076 Incorrect Authorization vulnerability in Dlink Dir-869 Firmware and Dir-869Ax Firmware
D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi.
network
low complexity
dlink CWE-863
7.5
7.5
2022-11-29 CVE-2022-40799 Download of Code Without Integrity Check vulnerability in Dlink Dnr-322L Firmware
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device.
network
low complexity
dlink CWE-494
8.8
8.8
2022-11-17 CVE-2022-36785 Incorrect Authorization vulnerability in Dlink G Integrated Access Device4 Firmware 1.0
D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A.
network
low complexity
dlink CWE-863
7.5
7.5
2022-10-26 CVE-2022-42999 OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10B05
D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm.
network
low complexity
dlink CWE-78
7.5
7.5
2022-10-13 CVE-2022-42156 Command Injection vulnerability in Dlink products
D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings.
network
low complexity
dlink CWE-77
8.8
8.8
2022-10-13 CVE-2022-42160 Command Injection vulnerability in Dlink products
D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings.
network
low complexity
dlink CWE-77
8.8
8.8
2022-10-13 CVE-2022-42161 Command Injection vulnerability in Dlink products
D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS.
network
low complexity
dlink CWE-77
8.8
8.8
2022-09-08 CVE-2022-38258 Path Traversal vulnerability in Dlink Dir-819 Firmware 1.06
A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request.
network
low complexity
dlink CWE-22
8.1
8.1
2022-08-31 CVE-2022-37123 OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb04
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi.
network
low complexity
dlink CWE-78
8.8
8.8
2022-08-31 CVE-2022-37129 OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb04
D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand.
network
low complexity
dlink CWE-78
8.8
8.8