Vulnerabilities > Dlink > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-19 | CVE-2020-25786 | Cross-site Scripting vulnerability in Dlink products webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. | 6.1 |
| 2020-07-23 | CVE-2020-15632 | Incorrect Implementation of Authentication Algorithm vulnerability in Dlink Dir-842 Firmware This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. | 5.8 |
| 2020-07-23 | CVE-2020-15631 | OS Command Injection vulnerability in Dlink Dap-1860 Firmware 1.01B06/1.02B01/1.04B01 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. | 5.8 |
| 2020-07-22 | CVE-2020-15896 | Improper Authentication vulnerability in Dlink Dap-1522 Firmware 1.41/1.42 An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. | 5.0 |
| 2020-07-22 | CVE-2020-15895 | Cross-site Scripting vulnerability in Dlink Dir-816L Firmware 2.06/2.06.B09 An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. | 6.1 |
| 2020-07-22 | CVE-2020-12774 | OS Command Injection vulnerability in Dlink Dsl-7740C Firmware V6.Tr069.20180723 D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command. | 4.6 |
| 2020-06-15 | CVE-2020-13150 | Missing Authentication for Critical Function vulnerability in Dlink Dsl-2750U Firmware Me1.03 D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. | 4.6 |
| 2020-06-08 | CVE-2020-13960 | Unspecified vulnerability in Dlink Dir-600M Firmware and Dsl-2730U Firmware D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name. | 5.0 |
| 2020-06-03 | CVE-2020-13787 | Cleartext Transmission of Sensitive Information vulnerability in Dlink Dir-865L Firmware 1.20B01 D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. | 5.0 |
| 2020-06-03 | CVE-2020-13786 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-865L Firmware 1.20B01 D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. | 6.8 |