Vulnerabilities > Dlink > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-02 | CVE-2019-6968 | Cross-site Scripting vulnerability in Dlink Dva-5592 Firmware 20180823 The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected. | 4.3 |
| 2019-08-01 | CVE-2019-14338 | Cross-site Scripting vulnerability in Dlink 6600-Ap Firmware and Dwl-3600Ap Firmware An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. | 4.3 |
| 2019-08-01 | CVE-2019-14333 | Unspecified vulnerability in Dlink 6600-Ap Firmware and Dwl-3600Ap Firmware An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. | 4.9 |
| 2019-08-01 | CVE-2019-14332 | Inadequate Encryption Strength vulnerability in Dlink 6600-Ap Firmware and Dwl-3600Ap Firmware An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. | 4.6 |
| 2019-07-11 | CVE-2019-13563 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-655 Firmware 3.02B05 D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. | 6.8 |
| 2019-07-11 | CVE-2019-13562 | Cross-site Scripting vulnerability in Dlink Dir-655 Firmware 3.02B05 D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter. | 4.3 |
| 2019-07-11 | CVE-2019-13560 | Credentials Management vulnerability in Dlink Dir-655 Firmware 3.02B05 D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. | 5.0 |
| 2019-07-06 | CVE-2019-13374 | Cross-site Scripting vulnerability in Dlink Central Wifimanager 1.03 A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter. | 6.1 |
| 2019-07-02 | CVE-2017-8412 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dlink Dcs-1100 Firmware and Dcs-1130 Firmware An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. | 5.8 |
| 2019-07-02 | CVE-2017-8409 | Improper Authorization vulnerability in Dlink Dcs-1130 Firmware An issue was discovered on D-Link DCS-1130 devices. | 5.0 |