Vulnerabilities > Dlink > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-31 | CVE-2016-10699 | Cross-site Scripting vulnerability in Dlink Dsl-2740E Firmware 1.00Bg20150720 D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. | 6.1 |
| 2017-09-13 | CVE-2017-14420 | Improper Certificate Validation vulnerability in Dlink Dir-850L Firmware The D-Link NPAPI extension, as used on D-Link DIR-850L REV. | 5.9 |
| 2017-09-13 | CVE-2017-14419 | Improper Certificate Validation vulnerability in Dlink Dir-850L Firmware The D-Link NPAPI extension, as used on D-Link DIR-850L REV. | 5.9 |
| 2017-09-13 | CVE-2017-14416 | Cross-site Scripting vulnerability in Dlink Dir-850L Firmware D-Link DIR-850L REV. | 6.1 |
| 2017-09-13 | CVE-2017-14415 | Cross-site Scripting vulnerability in Dlink Dir-850L Firmware D-Link DIR-850L REV. | 6.1 |
| 2017-09-13 | CVE-2017-14414 | Cross-site Scripting vulnerability in Dlink Dir-850L Firmware D-Link DIR-850L REV. | 6.1 |
| 2017-09-13 | CVE-2017-14413 | Cross-site Scripting vulnerability in Dlink Dir-850L Firmware D-Link DIR-850L REV. | 6.1 |
| 2017-07-07 | CVE-2017-7406 | Missing Encryption of Sensitive Data vulnerability in Dlink Dir-615 20.12Ptb01 The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. | 5.0 |
| 2017-07-07 | CVE-2017-7404 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-615 20.12Ptb01 On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). | 6.8 |
| 2017-04-10 | CVE-2017-6190 | Path Traversal vulnerability in Dlink Dwr-116 Firmware V1.00(Cp)B10/V1.01(Eu)/V1.05(Au) Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. | 5.0 |