Vulnerabilities > Dlink > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-02-12 CVE-2020-27863 Unspecified vulnerability in Dlink Dsl-2888A Firmware and Dva-2800 Firmware
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers.
low complexity
dlink
6.5
6.5
2020-12-22 CVE-2020-24578 Incorrect Permission Assignment for Critical Resource vulnerability in Dlink Dsl2888A Firmware
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55.
low complexity
dlink CWE-732
6.5
6.5
2020-10-08 CVE-2020-26567 Missing Authentication for Critical Function vulnerability in Dlink Dsr-250N Firmware
An issue was discovered on D-Link DSR-250N before 3.17B devices.
local
low complexity
dlink CWE-306
5.5
5.5
2020-09-19 CVE-2020-25786 Cross-site Scripting vulnerability in Dlink products
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header.
network
low complexity
dlink CWE-79
6.1
6.1
2020-07-22 CVE-2020-15895 Cross-site Scripting vulnerability in Dlink Dir-816L Firmware 2.06/2.06.B09
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02.
network
low complexity
dlink CWE-79
6.1
6.1
2020-07-22 CVE-2020-12774 OS Command Injection vulnerability in Dlink Dsl-7740C Firmware V6.Tr069.20180723
D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command.
local
low complexity
dlink CWE-78
6.7
6.7
2020-05-18 CVE-2020-13135 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dlink Dsp-W215 Firmware 1.26B03
D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy.
low complexity
dlink CWE-327
6.5
6.5
2020-03-04 CVE-2019-19222 Cross-site Scripting vulnerability in Dlink Dsl-2680 Firmware 1.03
A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request.
network
low complexity
dlink CWE-79
5.4
5.4
2020-02-07 CVE-2013-3096 Improper Authentication vulnerability in Dlink Dir865L Firmware 1.03
D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability.
network
high complexity
dlink CWE-287
5.9
5.9
2020-02-04 CVE-2013-7054 Cross-site Scripting vulnerability in Dlink Dir-100 Firmware 4.03B07
D-Link DIR-100 4.03B07: cli.cgi XSS
network
low complexity
dlink CWE-79
6.1
6.1