Vulnerabilities > Dlink > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-03 | CVE-2020-13785 | Inadequate Encryption Strength vulnerability in Dlink Dir-865L Firmware 1.20B01 D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. | 5.0 |
| 2020-06-03 | CVE-2020-13784 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Dlink Dir-865L Firmware 1.20B01 D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. | 5.0 |
| 2020-06-03 | CVE-2020-13783 | Cleartext Storage of Sensitive Information vulnerability in Dlink Dir-865L Firmware 1.20B01 D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. | 5.0 |
| 2020-06-03 | CVE-2020-13782 | OS Command Injection vulnerability in Dlink Dir-865L Firmware 1.20B01 D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. | 6.5 |
| 2020-05-18 | CVE-2020-13135 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dlink Dsp-W215 Firmware 1.26B03 D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy. | 6.5 |
| 2020-04-21 | CVE-2019-17525 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dlink Dir-615 Firmware 20.10 The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks. | 4.0 |
| 2020-04-20 | CVE-2020-9278 | Improper Input Validation vulnerability in Dlink Dsl-2640B Firmware Eu4.01B An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. | 6.4 |
| 2020-04-20 | CVE-2020-9275 | Insufficiently Protected Credentials vulnerability in Dlink Dsl-2640B Firmware Eu4.01B An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. | 5.0 |
| 2020-04-10 | CVE-2020-6765 | OS Command Injection vulnerability in Dlink Dsl-Gs225 Firmware Au1.0.4 D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS commands by placing shell metacharacters after a supported CLI command, as demonstrated by ping -c1 127.0.0.1; cat/etc/passwd. | 6.5 |
| 2020-03-04 | CVE-2019-19222 | Cross-site Scripting vulnerability in Dlink Dsl-2680 Firmware 1.03 A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request. | 5.4 |