Vulnerabilities > Dlink > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-11-20 | CVE-2013-3095 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir865L and Dir865L Firmware Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. | 6.8 |
| 2013-11-19 | CVE-2013-5223 | Cross-site Scripting vulnerability in Dlink Dsl-2760U Firmware Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. | 5.4 |
| 2013-09-20 | CVE-2013-4707 | Permissions, Privileges, and Access Controls vulnerability in Dlink Des-3810 and Des-3810 Firmware The SSH implementation on D-Link Japan DES-3810 devices with firmware before R2.20.011 allows remote authenticated users to cause a denial of service (device hang) by leveraging login access. | 6.3 |
| 2013-09-20 | CVE-2013-4706 | Permissions, Privileges, and Access Controls vulnerability in Dlink Dwl-2100Ap and Dwl-2100Ap Firmware The SSH implementation on the D-Link Japan DWL-2100AP with firmware before R252JP-RC572 allows remote authenticated users to cause a denial of service (reboot) by leveraging login access. | 6.3 |
| 2012-10-08 | CVE-2012-5319 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dcs-2000, Dcs-5300 and Dcs-900 Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter. | 6.8 |
| 2012-10-08 | CVE-2012-1308 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dsl-2640B and Dsl-2640B Firmware Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. | 6.8 |
| 2010-04-27 | CVE-2009-4821 | Improper Authentication vulnerability in Dlink Dir-615 3.10Na The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors. | 5.0 |