D-Link
Products: D-View 8 · DAP-1320 · DAP-1325 · DAP-1360 · DAP-1562 · DAP-1620 · DAP-2695 · DAR-7000 · DAR-7000-40 · DAR-8000 · DAR-8000-10 · DCS-5020L · DCS-5615 · DCS-6517 · DCS-7517 · DCS-931L · DCS-932L · DCS-933L · DCS-935L · DCS700l
112.3
Score
376
CVEs
3
Active
373
PoC
3
KEV
#19
Rank
Period:
Product:
| CVE ID | Published | CVSS | Exploit | KEV | AC | PR | Auto | Score(hover) | Affected Products | Description |
|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2026-12174 | 2026-06-13 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DCS-935L | A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been |
| CVE-2026-11492 | 2026-06-08 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-823G | A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to th |
| CVE-2026-11497 | 2026-06-08 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DCS-5615 | A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has been d |
| CVE-2026-11555 | 2026-06-08 | 6.3v4.0 | POC | — | High | None | no | 0.0 | DGS-1100-08PD | A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a high level of complex |
| CVE-2026-10878 | 2026-06-05 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M920 | A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. The attack is possible to be carried out remotely. The exploit is now public and |
| CVE-2026-11339 | 2026-06-05 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M920 | A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be |
| CVE-2026-11341 | 2026-06-05 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M920 | A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used. |
| CVE-2026-10206 | 2026-06-01 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DI-8400 | A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. Th |
| CVE-2026-10270 | 2026-06-01 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DI-7001 MINI | A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public a |
| CVE-2026-8260 | 2026-05-11 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DCS-935L | A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotely. |
| CVE-2026-8271 | 2026-05-11 | 5.1v4.0 | POC | — | Low | High | no | 0.0 | DNS-320 | A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgi_speed/cgi_dhcpd_lease/cgi_ddns/cgi_set_ip/cgi_upnp_del/cgi_dhcpd/cgi_upnp_add/cgi_upnp_edit of the file /cgi-bin/network_mgr.cgi. The manipulation leads to os command injection. The attack is possible |
| CVE-2026-8272 | 2026-05-11 | 5.1v4.0 | POC | — | Low | High | no | 0.0 | DNS-320 | A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public an |
| CVE-2026-8273 | 2026-05-11 | 5.1v4.0 | POC | — | Low | High | no | 0.0 | DNS-320 | A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi_set_host/cgi_set_ntp/cgi_fan_control/cgi_merge_user of the file /cgi-bin/system_mgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely. |
| CVE-2026-8344 | 2026-05-11 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-816 | A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the p |
| CVE-2026-8345 | 2026-05-11 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-816 | A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the argument ip_address leads to command injection. It is possible to launch the attack remotely. The exp |
| CVE-2026-8346 | 2026-05-11 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-816 | A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. |
| CVE-2026-7851 | 2026-05-05 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DI-8100 | A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. |
| CVE-2026-7853 | 2026-05-05 | 9.3v4.0 | POC | — | Low | None | YES | 0.0 | DI-8100 | A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made av |
| CVE-2026-7854 | 2026-05-05 | 9.3v4.0 | POC | — | Low | None | YES | 0.0 | DI-8100 | A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploi |
| CVE-2026-7855 | 2026-05-05 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DI-8100 | A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can be initiated remotely. The exploit is now |
| CVE-2026-7856 | 2026-05-05 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DI-8100 | A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and m |
| CVE-2026-7857 | 2026-05-05 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DI-8100 | A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may |
| CVE-2026-42373 | 2026-05-04 | 9.8v3.1 | POC | — | Low | None | no | 0.0 | DIR-605L Firmware | D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76_dlwbr_dir605L" read from /etc/alpha_config/image_sign. The custom telnetd bina |
| CVE-2026-42374 | 2026-05-04 | 9.8v3.1 | POC | — | Low | None | no | 0.0 | DIR-600L Firmware | D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61_dlwbr_dir600L" read from /etc/alpha_config/image_sign. The custom telnetd binary ac |
| CVE-2026-42375 | 2026-05-04 | 9.8v3.1 | POC | — | Low | None | no | 0.0 | DIR-600L Firmware | D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir600l" read from /etc/alpha_config/image_sign. The custom telnetd binary ac |
| CVE-2026-42376 | 2026-05-04 | 9.8v3.1 | POC | — | Low | None | YES | 0.0 | DIR-456U Firmware | D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks" and the static password "whdrv01_dlob_dir456U" read from /etc/config/image_sign. The custom telnetd |
| CVE-2026-7554 | 2026-05-01 | 6.3v4.0 | POC | — | High | None | no | 0.0 | M60 | A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation i |
| CVE-2026-7247 | 2026-04-28 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DI-8100 | A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function file_exten_asp of the file file_exten.asp of the component File Extension Handler. The manipulation of the argument Name leads to buffer overflow. Remote exploitation of the attack is possible. The ex |
| CVE-2026-7248 | 2026-04-28 | 9.3v4.0 | POC | — | Low | None | YES | 0.0 | DI-8100 | A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used. |
| CVE-2026-7288 | 2026-04-28 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-825M | A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to |
| CVE-2026-7289 | 2026-04-28 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-825M | A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used. |
| CVE-2026-7067 | 2026-04-26 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-822 | A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been publi |
| CVE-2026-6012 | 2026-04-10 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-513 | A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely |
| CVE-2026-6013 | 2026-04-10 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-513 | A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from remote. The exploit |
| CVE-2026-6014 | 2026-04-10 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-513 | A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remotely. The exploit has |
| CVE-2026-5844 | 2026-04-09 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DIR-882 | A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been made |
| CVE-2026-5979 | 2026-04-09 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched remotely. |
| CVE-2026-5980 | 2026-04-09 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit ha |
| CVE-2026-5981 | 2026-04-09 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has bee |
| CVE-2026-5982 | 2026-04-09 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a manipulation of the argument curTime results in buffer overflow. Remote exploitation of the attack is po |
| CVE-2026-5983 | 2026-04-09 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The exploit |
| CVE-2026-5984 | 2026-04-09 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is pu |
| CVE-2026-5815 | 2026-04-08 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-645 | A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only aff |
| CVE-2026-5311 | 2026-04-01 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Acc |
| CVE-2026-5312 | 2026-04-01 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the fu |
| CVE-2026-5211 | 2026-03-31 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function UPnP_AV_S |
| CVE-2026-5212 | 2026-03-31 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function Webdav_U |
| CVE-2026-5213 | 2026-03-31 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function cgi |
| CVE-2026-5214 | 2026-03-31 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function cgi_addgroup_get_gro |
| CVE-2026-5024 | 2026-03-29 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-513 | A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made publ |
| CVE-2026-4555 | 2026-03-22 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-513 | A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The exploi |
| CVE-2026-4529 | 2026-03-21 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DHP-1320 | A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This vulner |
| CVE-2026-4465 | 2026-03-20 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-513 | A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. This vulner |
| CVE-2026-4486 | 2026-03-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-513 | A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of the file /goform/formEasySetPassword of the component Web Service. The manipulation of the argument curTime results in stack-based buffer overflow. The attack may be performed from remote. The exploit |
| CVE-2026-4499 | 2026-03-20 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-820LW | A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgi_main of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. |
| CVE-2026-4203 | 2026-03-16 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function cgi_portforwardin |
| CVE-2026-4204 | 2026-03-16 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function cgi_myfavori |
| CVE-2026-4205 | 2026-03-16 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi |
| CVE-2026-4206 | 2026-03-16 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function FMT_rebuild_diskmgr |
| CVE-2026-4207 | 2026-03-16 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function cgi_device/cgi |
| CVE-2026-4209 | 2026-03-16 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function cgi_create_impo |
| CVE-2026-4210 | 2026-03-16 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is t |
| CVE-2026-4211 | 2026-03-16 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this issue is the function L |
| CVE-2026-4212 | 2026-03-16 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function Do |
| CVE-2026-4213 | 2026-03-16 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function cg |
| CVE-2026-4214 | 2026-03-16 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function UPnP_AV_Server_Pa |
| CVE-2026-4180 | 2026-03-15 | 6.9v4.0 | POC | — | Low | None | no | 0.0 | DIR-816 | A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument token_id leads to improper access controls. The attack may be initiated remotely. The exploit is publicly availa |
| CVE-2026-4181 | 2026-03-15 | 9.3v4.0 | POC | — | Low | None | no | 0.0 | DIR-816 | A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-based buffer overflow. The attack may be launched remo |
| CVE-2026-4182 | 2026-03-15 | 9.3v4.0 | POC | — | Low | None | no | 0.0 | DIR-816 | A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goahead. This manipulation of the argument key1/key2/key3/key4/pskValue causes stack-based buffer overflow. Remote exploitation of the attack is |
| CVE-2026-4183 | 2026-03-15 | 9.3v4.0 | POC | — | Low | None | no | 0.0 | DIR-816 | A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer overflow. The attack can be executed remotely. The expl |
| CVE-2026-4184 | 2026-03-15 | 9.3v4.0 | POC | — | Low | None | no | 0.0 | DIR-816 | A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in stack-based buffer overflow. The attack is possible |
| CVE-2026-4188 | 2026-03-15 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack may be initiated remotely. The |
| CVE-2026-4193 | 2026-03-15 | 6.9v4.0 | POC | — | Low | None | no | 0.0 | DIR-823G | A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function GetDDNSSettings/GetDeviceDomainName/GetDeviceSettings/GetDMZSettings/GetFirewallSettings/GetGuestNetworkSettings/GetLanWanConflictInfo/GetLocalMacAddress/GetNetworkSettings/GetQoSSettings/Get |
| CVE-2026-4194 | 2026-03-15 | 6.9v4.0 | POC | — | Low | None | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_s |
| CVE-2026-4195 | 2026-03-15 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects an unknown function of the file /cgi |
| CVE-2026-4196 | 2026-03-15 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function cgi_recovery/c |
| CVE-2026-4197 | 2026-03-15 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function RSS_Get_Update_Statu |
| CVE-2026-3978 | 2026-03-12 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-513 | A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be |
| CVE-2026-3485 | 2026-03-03 | 9.3v4.0 | POC | — | Low | None | YES | 0.0 | DIR-868L | A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability onl |
| CVE-2026-2960 | 2026-02-23 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M960 | A flaw has been found in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_468D64 of the file /boafrm/formDhcpv6s. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and ma |
| CVE-2026-2961 | 2026-02-23 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M960 | A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried o |
| CVE-2026-2962 | 2026-02-23 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M960 | A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_460F30 of the file /boafrm/formDateReboot of the component Scheduled Reboot Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be |
| CVE-2026-2958 | 2026-02-22 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M960 | A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulation of the argument save_apply leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and |
| CVE-2026-2959 | 2026-02-22 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M960 | A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is |
| CVE-2026-2881 | 2026-02-21 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M960 | A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_425FF8 of the file /boafrm/formFirewallAdv of the component Advanced Firewall Configuration Endpoint. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack m |
| CVE-2026-2882 | 2026-02-21 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M960 | A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_46385C of the file /boafrm/formDosCfg. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made publi |
| CVE-2026-2883 | 2026-02-21 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M960 | A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_427D74 of the file /boafrm/formIpQoS. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and |
| CVE-2026-2884 | 2026-02-21 | 8.7v4.0 | POC | — | Low | Low | YES | 0.0 | DWR-M960 | A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element is the function sub_41914C of the file /boafrm/formWanConfigSetup of the component WAN Interface Setting Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible t |
| CVE-2026-2885 | 2026-02-21 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M960 | A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been release |
| CVE-2026-2853 | 2026-02-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M960 | A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub_462E14 of the file /boafrm/formSysLog of the component System Log Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated re |
| CVE-2026-2854 | 2026-02-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M960 | A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub_4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The exploi |
| CVE-2026-2855 | 2026-02-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M960 | A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is the function sub_4648F0 of the file /boafrm/formDdns of the component DDNS Settings Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has |
| CVE-2026-2856 | 2026-02-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M960 | A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_424AFC of the file /boafrm/formFilter of the component Filter Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be launche |
| CVE-2026-2857 | 2026-02-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M960 | A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation of |
| CVE-2026-2260 | 2026-02-10 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DCS-931L | A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerabili |
| CVE-2026-2210 | 2026-02-09 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DIR-823X | A vulnerability has been found in D-Link DIR-823X 250416. This affects the function sub_4211C8 of the file /goform/set_filtering. Such manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2026-2218 | 2026-02-09 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DCS-933L | A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly dis |
| CVE-2026-2227 | 2026-02-09 | 5.1v4.0 | POC | — | Low | High | no | 0.0 | DCS-931L | A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a manipulation of the argument AdminID results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This vul |
| CVE-2026-2120 | 2026-02-08 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DIR-823X | A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminal_addr/server_ip/server_port leads to os command injection. The attack may be i |
| CVE-2026-2129 | 2026-02-08 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DIR-823X | A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipstatus/ap_randtime results in os command injection. The attack may be initiated remotely. The exploit |
| CVE-2026-2142 | 2026-02-08 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DIR-823X | A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be use |
| CVE-2026-2143 | 2026-02-08 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DIR-823X | A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is poss |
| CVE-2026-2151 | 2026-02-08 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DIR-615 | A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file adv_firewall.php of the component DMZ Host Feature. Such manipulation of the argument dmz_ipaddr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the |
| CVE-2026-2152 | 2026-02-08 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DIR-615 | A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in os command injection. The attack may be initiated remotely. Th |
| CVE-2026-2155 | 2026-02-08 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DIR-823X | A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection. The attack can be executed remotely |
| CVE-2026-2157 | 2026-02-08 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DIR-823X | A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The |
| CVE-2026-2163 | 2026-02-08 | 5.1v4.0 | POC | — | Low | High | no | 0.0 | DIR-600 | A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The exploit is publicly availab |
| CVE-2026-2168 | 2026-02-08 | 5.3v4.0 | POC | — | Low | Low | YES | 0.0 | DWR-M921 | A flaw has been found in D-Link DWR-M921 1.1.50. This affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. |
| CVE-2026-2169 | 2026-02-08 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M921 | A vulnerability has been found in D-Link DWR-M921 1.1.50. This impacts an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public |
| CVE-2026-2175 | 2026-02-08 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DIR-823X | A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420618 of the file /goform/set_upnp. This manipulation of the argument upnp_enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to |
| CVE-2026-2193 | 2026-02-08 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DI-7100G C1 | A vulnerability was detected in D-Link DI-7100G C1 24.04.18D1. Affected by this issue is the function set_jhttpd_info. Performing a manipulation of the argument usb_username results in command injection. Remote exploitation of the attack is possible. |
| CVE-2026-2194 | 2026-02-08 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DI-7100G C1 | A flaw has been found in D-Link DI-7100G C1 24.04.18D1. This affects the function start_proxy_client_email. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used. |
| CVE-2026-2081 | 2026-02-07 | 5.1v4.0 | POC | — | Low | High | no | 0.0 | DIR-823X | A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_password. This manipulation of the argument http_passwd causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose |
| CVE-2026-2082 | 2026-02-07 | 5.1v4.0 | POC | — | Low | High | no | 0.0 | DIR-823X | A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used. |
| CVE-2026-2084 | 2026-02-07 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DIR-823X | A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to t |
| CVE-2026-2085 | 2026-02-07 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DWR-M921 | A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. The attack can be initiated remotely. The e |
| CVE-2026-2054 | 2026-02-06 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-605LDIR-619L | A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the public a |
| CVE-2026-2055 | 2026-02-06 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-605LDIR-619L | A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made av |
| CVE-2026-2056 | 2026-02-06 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-605LDIR-619L | A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection Status Handler. The manipulation leads to information disclosure. Remote exploitation of the |
| CVE-2026-2061 | 2026-02-06 | 5.1v4.0 | POC | — | Low | High | no | 0.0 | DIR-823X | A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utiliz |
| CVE-2026-2063 | 2026-02-06 | 5.1v4.0 | POC | — | Low | High | no | 0.0 | DIR-823X | A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of the argument ac_server results in os command injection. The attack can be launched remotely. The exp |
| CVE-2026-1685 | 2026-01-30 | 6.3v4.0 | POC | — | High | None | no | 0.0 | DIR-823X | A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is characterized by high com |
| CVE-2026-1596 | 2026-01-29 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M961 | A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. The attack is possible to be carried out remotely. The exploit has been published an |
| CVE-2026-1544 | 2026-01-28 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-823X | A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to |
| CVE-2026-1419 | 2026-01-26 | 5.1v4.0 | POC | — | Low | High | no | 0.0 | DCS700l | A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched remotely. The exploit has be |
| CVE-2026-1448 | 2026-01-26 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DIR-615 | A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotel |
| CVE-2026-1125 | 2026-01-18 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-823X | A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enable can lead to command injection. The attack can be executed remotely. The exploit has been made avail |
| CVE-2026-0732 | 2026-01-08 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DI-8200G | A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. |
| CVE-2025-15357 | 2025-12-30 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DI-7400G+ | A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. |
| CVE-2025-15189 | 2025-12-29 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M920 | A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used |
| CVE-2025-15190 | 2025-12-29 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M920 | A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public a |
| CVE-2025-15191 | 2025-12-29 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M920 | A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made |
| CVE-2025-15192 | 2025-12-29 | 5.3v4.0 | POC | — | Low | Low | YES | 0.0 | DWR-M920 | A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been |
| CVE-2025-15193 | 2025-12-29 | 8.7v4.0 | POC | — | Low | Low | YES | 0.0 | DWR-M920 | A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and ma |
| CVE-2025-15194 | 2025-12-29 | 9.3v4.0 | POC | — | Low | None | YES | 0.0 | DIR-600 | A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack rem |
| CVE-2023-53974 | 2025-12-22 | 8.8v4.0 | POC | — | Low | None | YES | 0.0 | DSL-124 Wireless N300 ADSL2+ | D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing sens |
| CVE-2023-53896 | 2025-12-16 | 8.7v4.0 | POC | — | Low | None | no | 0.0 | DAP-1325 | D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration information b |
| CVE-2025-14659 | 2025-12-14 | 8.7v4.0 | POC | — | Low | Low | YES | 0.0 | DIR-860LB1DIR-868LB1 | A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be use |
| CVE-2025-14528 | 2025-12-11 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-803 | A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now |
| CVE-2025-14208 | 2025-12-08 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-823X | A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results in command injection. It is possible to launch the attack remotely. The exploit has been released to |
| CVE-2025-13547 | 2025-11-23 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-822KDWR-M920 | A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used. |
| CVE-2025-13548 | 2025-11-23 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-822KDWR-M920 | A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been dis |
| CVE-2025-13549 | 2025-11-23 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-822K | A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. |
| CVE-2025-13550 | 2025-11-23 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-822KDWR-M920 | A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been |
| CVE-2025-13551 | 2025-11-23 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-822KDWR-M920 | A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The |
| CVE-2025-13552 | 2025-11-23 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-822KDWR-M920 | A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit |
| CVE-2025-13553 | 2025-11-23 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DWR-M920 | A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the publi |
| CVE-2025-13562 | 2025-11-23 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-852 | A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability |
| CVE-2025-13304 | 2025-11-17 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-825MDWR-M920DWR-M921DWR-M960DWR-M961 | A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated re |
| CVE-2025-13305 | 2025-11-17 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-822KDIR-825MDWR-M920DWR-M921DWR-M960 | A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remote |
| CVE-2025-13306 | 2025-11-17 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-822KDIR-825MDWR-M920DWR-M921 | A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The explo |
| CVE-2025-13189 | 2025-11-15 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-816L | A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects the function genacgi_main of the file gena.cgi. The manipulation of the argument SERVER_ID/HTTP_SID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to |
| CVE-2025-13190 | 2025-11-15 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-816L | A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. This vulnerability affects the function scandir_main of the file /portal/__ajax_exporer.sgi. The manipulation of the argument en results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made publ |
| CVE-2025-13191 | 2025-11-15 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-816L | A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta. This issue affects the function soapcgi_main of the file /soap.cgi. This manipulation causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This |
| CVE-2025-13188 | 2025-11-14 | 9.3v4.0 | POC | — | Low | None | YES | 0.0 | DIR-816L | A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of the attack is possible |
| CVE-2025-12295 | 2025-10-27 | 7.5v4.0 | POC | — | High | High | no | 0.0 | DAP-2695 | A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function sub_40C6B8 of the component Firmware Update Handler. Executing manipulation can lead to improper verification of cryptographic signature. The attack can be launched remotely. Attacks of this nature are h |
| CVE-2025-12313 | 2025-10-27 | 5.3v4.0 | POC | — | Low | Low | YES | 0.0 | DI-7001 MINI | A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /msp_info.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and |
| CVE-2025-60344 | 2025-10-21 | 8.6v3.1 | POC | — | Low | None | no | 0.0 | DSR-150 | A path traversal (directory traversal) vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used for file or directory path resolution (e.g., via sequences such as “../”). Successful exploitation may allow access to files outside of the in |
| CVE-2025-11488 | 2025-10-08 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-852 | A weakness has been identified in D-Link DIR-852 up to 20251002. This affects an unknown part of the file /HNAP1/. Executing manipulation can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. This vulnerability o |
| CVE-2025-11407 | 2025-10-07 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DI-7001 MINI | A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgrade_filter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be |
| CVE-2025-11408 | 2025-10-07 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DI-7001 MINI | A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be us |
| CVE-2025-11092 | 2025-09-28 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-823X | A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_switch_settings. This manipulation of the argument port causes command injection. The attack may be initiated remotely. The exploit has been made available to the publi |
| CVE-2025-11095 | 2025-09-28 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-823X | A vulnerability was detected in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/delete_offline_device. Performing manipulation of the argument delvalue results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may b |
| CVE-2025-11096 | 2025-09-28 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-823X | A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diag_traceroute. Executing manipulation of the argument target_addr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used. |
| CVE-2025-11097 | 2025-09-28 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-823X | A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/set_device_name. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be u |
| CVE-2025-11098 | 2025-09-28 | 5.3v4.0 | POC | — | Low | Low | YES | 0.0 | DIR-823X | A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_wifi_blacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The exploit has been made public and could be used |
| CVE-2025-11099 | 2025-09-28 | 5.3v4.0 | POC | — | Low | Low | YES | 0.0 | DIR-823X | A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function uci_del of the file /goform/delete_prohibiting. This manipulation of the argument delvalue causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed |
| CVE-2025-11100 | 2025-09-28 | 5.3v4.0 | POC | — | Low | Low | YES | 0.0 | DIR-823X | A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uci_set of the file /goform/set_wifi_blacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. |
| CVE-2025-10779 | 2025-09-22 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DCS-935L | A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argument HNAP_AUTH/SOAPAction results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and cou |
| CVE-2025-10792 | 2025-09-22 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-513 | A security vulnerability has been detected in D-Link DIR-513 A1FW110. Affected is an unknown function of the file /goform/formWPS. Such manipulation of the argument webpage leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. Thi |
| CVE-2025-10814 | 2025-09-22 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-823X | A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument port causes command injection. The attack can be initiated remotely. The exploit has been publicly discl |
| CVE-2025-10628 | 2025-09-18 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-852 | A vulnerability was found in D-Link DIR-852 1.00CN B09. This vulnerability affects unknown code of the file /htdocs/cgibin/hedwig.cgi of the component Web Management Interface. Performing manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has be |
| CVE-2025-10629 | 2025-09-18 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-852 | A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgi_main of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can lead to command injection. The attack may be performed from re |
| CVE-2025-10634 | 2025-09-18 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-823X | A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub_412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminal_addr/server_ip/server_port causes command injection. The att |
| CVE-2025-10666 | 2025-09-18 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-825 | A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdown_time results in buffer overflow. The attack can be executed remotely. The exploit has been released to the pub |
| CVE-2025-10689 | 2025-09-18 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-645 | A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgi_main of the file /soap.cgi. Such manipulation of the argument service leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. This vulnerabil |
| CVE-2025-10440 | 2025-09-15 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DI-8003DI-8003GDI-8100DI-8100GDI-8200DI-8200G | A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os comman |
| CVE-2025-10441 | 2025-09-15 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DI-8003GDI-8100GDI-8200G | A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection. The attack may be launched remo |
| CVE-2025-10401 | 2025-09-14 | 5.3v4.0 | POC | — | Low | Low | YES | 0.0 | DIR-823X | A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument target_addr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may |
| CVE-2025-10123 | 2025-09-09 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-823X | A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub_415028 of the file /goform/set_static_leases. Executing manipulation of the argument Hostname can lead to command injection. The attack can be launched remotely. The exploit has been pu |
| CVE-2025-10093 | 2025-09-08 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-852 | A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit |
| CVE-2025-10034 | 2025-09-06 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-825 | A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the argument ping6_ipaddr results in buffer overflow. It is possible to initiate the attack remotely. The exploit has bee |
| CVE-2025-9938 | 2025-09-03 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DI-8400 | A weakness has been identified in D-Link DI-8400 16.07.26A1. The affected element is the function yyxz_dlink_asp of the file /yyxz.asp. This manipulation of the argument ID causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the |
| CVE-2025-9752 | 2025-09-01 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-852 | A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgi_main of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to os command injection. The attack can be launched remotely. The exploit has been disclo |
| CVE-2025-9745 | 2025-08-31 | 5.1v4.0 | POC | — | Low | High | no | 0.0 | DI-500WF | A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /version_upgrade.asp of the component jhttpd. The manipulation of the argument path leads to os command injection. The attack may be initiated remotely. The exploit has |
| CVE-2025-9026 | 2025-08-15 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-860L | A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgi_main of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclo |
| CVE-2025-8949 | 2025-08-14 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DIR-825 | A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument ping_ipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The ex |
| CVE-2025-8956 | 2025-08-14 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR‑818L | A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2025-8978 | 2025-08-14 | 7.5v4.0 | POC | — | High | High | no | 0.0 | DIR-619L | A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitab |
| CVE-2025-8175 | 2025-07-26 | 7.1v4.0 | POC | — | Low | Low | no | 0.0 | DI-8400 | A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This affects an unknown part of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument share_enable leads to null pointer dereference. It is possible to initiate the attack remote |
| CVE-2025-8184 | 2025-07-26 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-513 | A vulnerability was found in D-Link DIR-513 up to 1.10 and classified as critical. This issue affects the function formSetWanL2TPcallback of the file /goform/formSetWanL2TPtriggers of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be in |
| CVE-2025-8159 | 2025-07-25 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-513 | A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. This issue affects the function formLanguageChange of the file /goform/formLanguageChange of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to stack-based buffer overflow. The att |
| CVE-2025-8168 | 2025-07-25 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-513 | A vulnerability was found in D-Link DIR-513 1.10. It has been rated as critical. Affected by this issue is the function websAspInit of the file /goform/formSetWanPPPoE. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclo |
| CVE-2025-8169 | 2025-07-25 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-513 | A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function formSetWanPPTPcallback of the file /goform/formSetWanPPTPpath of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. It is possible to initi |
| CVE-2025-7932 | 2025-07-21 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR‑817L | A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be u |
| CVE-2025-7908 | 2025-07-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DI-8100 | A vulnerability was found in D-Link DI-8100 1.0. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file /ddns.asp?opt=add of the component jhttpd. The manipulation of the argument mx leads to stack-based buffer overflow. The attack can be launched remote |
| CVE-2025-7909 | 2025-07-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-513 | A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. Affected by this issue is the function sprintf of the file /goform/formLanSetupRouterSettings of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may |
| CVE-2025-7910 | 2025-07-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-513 | A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function sprintf of the file /goform/formSetWanNonLogin of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack |
| CVE-2025-7911 | 2025-07-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DI-8100 | A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhttpd. The manipulation of the argument remove_ext_proto/remove_ext_port leads to stack-based buffer overflow. The attack can be initia |
| CVE-2025-7836 | 2025-07-19 | 5.3v4.0 | POC | — | Low | Low | YES | 0.0 | DIR-816L | A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The attack can be launched |
| CVE-2025-7762 | 2025-07-17 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DI-8100 | A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07.26A1. This issue affects some unknown processing of the file /menu_nat_more.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely |
| CVE-2025-34125 | 2025-07-16 | 9.3v4.0 | POC | — | Low | None | YES | 0.0 | DSP-W110A1 | An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying |
| CVE-2025-7602 | 2025-07-14 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DI-8100 | A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /arp_sys.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has b |
| CVE-2025-7603 | 2025-07-14 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DI-8100 | A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. Affected is an unknown function of the file /jingx.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit h |
| CVE-2025-7192 | 2025-07-08 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-645 | A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classified as critical. This issue affects the function ssdpcgi_main of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to |
| CVE-2025-7194 | 2025-07-08 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DI-500WF | A vulnerability was found in D-Link DI-500WF 17.04.10A1T. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file ip_position.asp of the component jhttpd. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launched |
| CVE-2025-7206 | 2025-07-08 | 9.3v4.0 | POC | — | Low | None | YES | 0.0 | DIR-825 | A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub_410DDC of the file switch_language.cgi of the component httpd. The manipulation of the argument Language leads to stack-based buffer overflow. The attack may be initiated rem |
| CVE-2025-6882 | 2025-06-30 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-513 | A vulnerability classified as critical has been found in D-Link DIR-513 1.0. This affects an unknown part of the file /goform/formSetWanPPTP. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi |
| CVE-2025-6896 | 2025-06-30 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DI-7300G+ | A vulnerability classified as critical has been found in D-Link DI-7300G+ 19.12.25A1. Affected is an unknown function of the file wget_test.asp. The manipulation of the argument url leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the pub |
| CVE-2025-6898 | 2025-06-30 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DI-7300G+ | A vulnerability, which was classified as critical, has been found in D-Link DI-7300G+ 19.12.25A1. Affected by this issue is some unknown functionality of the file in proxy_client.asp. The manipulation of the argument proxy_srv/proxy_lanport/proxy_lanip/proxy_srvport leads to os command injection. Th |
| CVE-2025-6899 | 2025-06-30 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DI-7300G+DI-8200G | A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file msp_info.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely. T |
| CVE-2025-6931 | 2025-06-30 | 6.3v4.0 | POC | — | High | None | no | 0.0 | DCS-6517DCS-7517 | A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generate_pass_from_mac of the file /bin/httpd of the component Root Password Generation Handler. The manipulation leads to insufficient entropy. The attack |
| CVE-2025-34048 | 2025-06-26 | 8.7v4.0 | POC | — | Low | None | YES | 0.0 | DSL-2730UDSL-2750EDSL-2750U | A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI |
| CVE-2025-6614 | 2025-06-25 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be lau |
| CVE-2025-6615 | 2025-06-25 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formAutoDetecWAN_wizard4 of the file /goform/formAutoDetecWAN_wizard4. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the atta |
| CVE-2025-6616 | 2025-06-25 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWAN_Wizard51 of the file /goform/formSetWAN_Wizard51. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be initiated remote |
| CVE-2025-6617 | 2025-06-25 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has |
| CVE-2025-6374 | 2025-06-21 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formSetACLFilter of the file /goform/formSetACLFilter. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has |
| CVE-2025-6291 | 2025-06-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-825 | A vulnerability, which was classified as critical, was found in D-Link DIR-825 2.03. This affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to |
| CVE-2025-6292 | 2025-06-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-825 | A vulnerability has been found in D-Link DIR-825 2.03 and classified as critical. This vulnerability affects the function sub_4091AC of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed |
| CVE-2025-6328 | 2025-06-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-815 | A vulnerability was found in D-Link DIR-815 1.01. It has been declared as critical. This vulnerability affects the function sub_403794 of the file hedwig.cgi. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and |
| CVE-2025-6334 | 2025-06-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-867 | A vulnerability has been found in D-Link DIR-867 1.0 and classified as critical. This vulnerability affects the function strncpy of the component Query String Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the p |
| CVE-2025-6367 | 2025-06-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability was found in D-Link DIR-619L 2.06B01. It has been declared as critical. This vulnerability affects unknown code of the file /goform/formSetDomainFilter. The manipulation of the argument curTime/sched_name_%d/url_%d leads to stack-based buffer overflow. The attack can be initiated rem |
| CVE-2025-6368 | 2025-06-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability was found in D-Link DIR-619L 2.06B01. It has been rated as critical. This issue affects the function formSetEmail of the file /goform/formSetEmail. The manipulation of the argument curTime/config.smtp_email_subject leads to stack-based buffer overflow. The attack may be initiated rem |
| CVE-2025-6369 | 2025-06-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability classified as critical has been found in D-Link DIR-619L 2.06B01. Affected is the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime/config.save_network_enabled leads to stack-based buffer overflow. It is possible to launch the |
| CVE-2025-6370 | 2025-06-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability classified as critical was found in D-Link DIR-619L 2.06B01. Affected by this vulnerability is the function formWlanGuestSetup of the file /goform/formWlanGuestSetup. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be launched remotely. T |
| CVE-2025-6371 | 2025-06-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be launched |
| CVE-2025-6372 | 2025-06-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formSetWizard1 of the file /goform/formSetWizard1. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exp |
| CVE-2025-6373 | 2025-06-20 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWizard1 of the file /goform/formWlSiteSurvey. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be initiated remotely. The |
| CVE-2025-6158 | 2025-06-17 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-665 | A vulnerability classified as critical has been found in D-Link DIR-665 1.00. This affects the function sub_AC78 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the pu |
| CVE-2025-6114 | 2025-06-16 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this vulnerability is the function form_portforwarding of the file /goform/form_portforwarding. The manipulation of the argument ingress_name_%d/sched_name_%d/name_%d leads to stack-based buffer overflo |
| CVE-2025-6115 | 2025-06-16 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this issue is the function form_macfilter. The manipulation of the argument mac_hostname_%d/sched_name_%d leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been discl |
| CVE-2025-6121 | 2025-06-16 | 9.3v4.0 | POC | — | Low | None | YES | 0.0 | DIR-632 | A vulnerability, which was classified as critical, has been found in D-Link DIR-632 FW103B08. Affected by this issue is the function get_pure_content of the component HTTP POST Request Handler. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be la |
| CVE-2025-5912 | 2025-06-10 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-632 | A vulnerability was found in D-Link DIR-632 FW103B08. It has been declared as critical. This vulnerability affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclo |
| CVE-2025-5969 | 2025-06-10 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-632 | A vulnerability has been found in D-Link DIR-632 FW103B08 and classified as critical. Affected by this vulnerability is the function FUN_00425fd8 of the file /biurl_grou of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be launched remo |
| CVE-2025-5622 | 2025-06-05 | 9.3v4.0 | POC | — | Low | None | YES | 0.0 | DIR-816 | A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The a |
| CVE-2025-5623 | 2025-06-05 | 9.3v4.0 | POC | — | Low | None | YES | 0.0 | DIR-816 | A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to initiate the attack r |
| CVE-2025-5624 | 2025-06-05 | 9.3v4.0 | POC | — | Low | None | YES | 0.0 | DIR-816 | A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. |
| CVE-2025-5630 | 2025-06-05 | 9.3v4.0 | POC | — | Low | None | YES | 0.0 | DIR-816 | A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been d |
| CVE-2025-5571 | 2025-06-04 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DCS-932L | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been di |
| CVE-2025-5572 | 2025-06-04 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DCS-932L | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched rem |
| CVE-2025-5573 | 2025-06-04 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DCS-932L | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. The |
| CVE-2025-5620 | 2025-06-04 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-816 | A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the attack remotely. The e |
| CVE-2025-5621 | 2025-06-04 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-816 | A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. The attack can be launched re |
| CVE-2025-5215 | 2025-05-27 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DCS-5020L | A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01_B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has |
| CVE-2025-4902 | 2025-05-19 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DI-7003GV2 | A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this issue is the function sub_48F4F0 of the file /H5/versionupdate.data. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has |
| CVE-2025-4903 | 2025-05-19 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DI-7003GV2 | A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0&remote_management=0&http_passwd=game&exec_service=admin-restart. The manipulation leads to unverified password change. It |
| CVE-2025-4904 | 2025-05-19 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DI-7003GV2 | A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. This vulnerability affects the function sub_41F0FC of the file /H5/webgl.data. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed |
| CVE-2025-4883 | 2025-05-18 | 8.6v4.0 | POC | — | Low | High | no | 0.0 | DI-8100 | A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been declared as critical. This vulnerability affects the function ctxz_asp of the file /ctxz.asp of the component Connection Limit Page. The manipulation of the argument def/defTcp/defUdp/defIcmp/defOther leads to stack-based buffer ove |
| CVE-2025-4841 | 2025-05-17 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DCS-932L | A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Affected by this issue is the function sub_404780 of the file /bin/gpio. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclo |
| CVE-2025-4842 | 2025-05-17 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DCS-932L | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. This vulnerability affects the function isUCPCameraNameChanged of the file /sbin/ucp. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack can be initiated remotely. The ex |
| CVE-2025-4843 | 2025-05-17 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DCS-932L | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. This affects the function SubUPnPCSInit of the file /sbin/udev. The manipulation of the argument CameraName leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has |
| CVE-2025-4749 | 2025-05-16 | 8.7v4.0 | POC | — | Low | None | YES | 0.0 | DI-7003GV2 | A vulnerability classified as critical was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This vulnerability affects the function sub_4983B0 of the file /H5/backup.asp?opt=reset of the component Factory Reset Handler. The manipulation leads to denial of service. The attack can be initiated remotely |
| CVE-2025-4750 | 2025-05-16 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DI-7003GV2 | A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). This issue affects some unknown processing of the file /H5/get_version.data of the component Configuration Handler. The manipulation leads to information disclosure. The attack may be initi |
| CVE-2025-4751 | 2025-05-16 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DI-7003GV2 | A vulnerability, which was classified as problematic, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected is an unknown function of the file /index.data. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the pub |
| CVE-2025-4752 | 2025-05-16 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DI-7003GV2 | A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /install_base.data. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has bee |
| CVE-2025-4753 | 2025-05-16 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DI-7003GV2 | A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. Affected by this issue is some unknown functionality of the file /login.data. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the |
| CVE-2025-4755 | 2025-05-16 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DI-7003GV2 | A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125). It has been classified as critical. This affects the function sub_497DE4 of the file /H5/netconfig.asp. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclose |
| CVE-2025-4756 | 2025-05-16 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DI-7003GV2 | A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125). It has been declared as problematic. This vulnerability affects unknown code of the file /H5/restart.asp. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the publi |
| CVE-2025-4544 | 2025-05-11 | 7.5v4.0 | POC | — | High | High | no | 0.0 | DI-8100 | A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd. The manipulation of the argument def_max/def_time/def_tcp_max/def_tcp_time/def_udp_max/def_udp_time/def_icmp_max leads to |
| CVE-2025-4448 | 2025-05-09 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability classified as critical was found in D-Link DIR-619L 2.04B04. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. Thi |
| CVE-2025-4451 | 2025-05-09 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability has been found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this vulnerability is the function formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this |
| CVE-2025-4452 | 2025-05-09 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability was found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this issue is the function formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure. This v |
| CVE-2025-4453 | 2025-05-09 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability was found in D-Link DIR-619L 2.04B04. It has been classified as critical. This affects the function formSysCmd. The manipulation of the argument sysCmd leads to command injection. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure. Th |
| CVE-2025-4454 | 2025-05-09 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L | A vulnerability was found in D-Link DIR-619L 2.04B04. It has been declared as critical. This vulnerability affects the function wake_on_lan. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The vendor was contacted early about this disclosure. Th |
| CVE-2025-4340 | 2025-05-06 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-806A1DIR-890L | A vulnerability classified as critical has been found in D-Link DIR-890L and DIR-806A1 up to 100CNb11/108B03. Affected is the function sub_175C8 of the file /htdocs/soap.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to |
| CVE-2025-4341 | 2025-05-06 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-880L | A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Affected by this vulnerability is the function sub_16570 of the file /htdocs/ssdpcgi of the component Request Header Handler. The manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to comman |
| CVE-2025-2717 | 2025-03-24 | 5.1v4.0 | POC | — | Low | High | no | 0.0 | DIR-823X | A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub_41710C of the file /goform/diag_nslookup of the component HTTP POST Request Handler. The manipulation of the argument target_addr leads to os command injection. The |
| CVE-2025-2618 | 2025-03-22 | 9.3v4.0 | POC | — | Low | None | YES | 0.0 | DAP-1620 | A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit |
| CVE-2025-2619 | 2025-03-22 | 9.3v4.0 | POC | — | Low | None | YES | 0.0 | DAP-1620 | A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit ha |
| CVE-2025-2620 | 2025-03-22 | 9.3v4.0 | POC | — | Low | None | YES | 0.0 | DAP-1620 | A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remot |
| CVE-2025-2621 | 2025-03-22 | 9.3v4.0 | POC | — | Low | None | YES | 0.0 | DAP-1620 | A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the |
| CVE-2025-2359 | 2025-03-17 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-823G | A vulnerability classified as critical has been found in D-Link DIR-823G 1.0.2B05_20181207. Affected is the function SetDDNSSettings of the file /HNAP1/ of the component DDNS Service. The manipulation of the argument SOAPAction leads to improper authorization. It is possible to launch the attack rem |
| CVE-2025-1876 | 2025-03-03 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DAP-1562 | A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack may be launched r |
| CVE-2025-1877 | 2025-03-03 | 7.1v4.0 | POC | — | Low | Low | no | 0.0 | DAP-1562 | A vulnerability, which was classified as critical, was found in D-Link DAP-1562 1.10. This affects the function pure_auth_check of the component HTTP POST Request Handler. The manipulation of the argument a1 leads to null pointer dereference. It is possible to initiate the attack remotely. The explo |
| CVE-2025-1800 | 2025-03-01 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DAR-7000 | A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function get_ip_addr_details of the file /view/vpn/sxh_vpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument ethname leads to command injection. |
| CVE-2025-1538 | 2025-02-21 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DAP-1320 | A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and ma |
| CVE-2025-1539 | 2025-02-21 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DAP-1320 | A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00. Affected by this issue is the function replace_special_char of the file /storagein.pd-XXXXXX. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been di |
| CVE-2025-1103 | 2025-02-07 | 7.1v4.0 | POC | — | Low | Low | no | 0.0 | DIR-823X | A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereferen |
| CVE-2025-1104 | 2025-02-07 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DHP-W310AV | A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2025-0481 | 2025-01-15 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-878 | A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been dis |
| CVE-2025-0492 | 2025-01-15 | 8.7v4.0 | POC | — | Low | None | YES | 0.0 | DIR-823X | A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Affected by this vulnerability is the function FUN_00412244. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be us |
| CVE-2024-13102 | 2025-01-02 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-816 A2 | A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This vulnerability affects unknown code of the file /goform/DDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been |
| CVE-2024-13103 | 2025-01-02 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-816 A2 | A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access controls. The attack ma |
| CVE-2024-13104 | 2025-01-02 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-816 A2 | A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation leads to improper access controls. It is possible to launch the |
| CVE-2024-13105 | 2025-01-02 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-816 A2 | A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access controls. The attack |
| CVE-2024-13106 | 2025-01-02 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-816 A2 | A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/form2IPQoSTcAdd of the component IP QoS Handler. The manipulation leads to improper access controls. The attack may be launched r |
| CVE-2024-13107 | 2025-01-02 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-816 A2 | A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible to initiate the attack |
| CVE-2024-13108 | 2025-01-02 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DIR-816 A2 | A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been declared as critical. This vulnerability affects unknown code of the file /goform/form2NetSniper.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disc |
| CVE-2024-11959 | 2024-11-28 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploi |
| CVE-2024-11960 | 2024-11-28 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has be |
| CVE-2024-11047 | 2024-11-10 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DI-8003 | A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been declared as critical. Affected by this vulnerability is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to stack-based buffer overflow. The attack can be launched remotely |
| CVE-2024-11048 | 2024-11-10 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DI-8003 | A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclos |
| CVE-2024-10914 | 2024-11-06 | 9.2v4.0 | POC | — | High | None | no | 0.0 | DNS-320DNS-320LWDNS-325DNS-340L | A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command |
| CVE-2024-10915 | 2024-11-06 | 9.2v4.0 | POC | — | High | None | no | 0.0 | DNS-320DNS-320LWDNS-325DNS-340L | A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection. |
| CVE-2024-10916 | 2024-11-06 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | DNS-320DNS-320LWDNS-325DNS-340L | A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate t |
| CVE-2024-9909 | 2024-10-13 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L B1 | A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formSetMuti of the file /goform/formSetMuti. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has be |
| CVE-2024-9910 | 2024-10-13 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L B1 | A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been di |
| CVE-2024-9911 | 2024-10-13 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L B1 | A vulnerability was found in D-Link DIR-619L B1 2.06. It has been classified as critical. This affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been |
| CVE-2024-9912 | 2024-10-13 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L B1 | A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been dis |
| CVE-2024-9913 | 2024-10-13 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L B1 | A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed |
| CVE-2024-9914 | 2024-10-13 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L B1 | A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formSetWizardSelectMode of the file /goform/formSetWizardSelectMode. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit |
| CVE-2024-9915 | 2024-10-13 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L B1 | A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has bee |
| CVE-2024-9782 | 2024-10-10 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L B1 | A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. Th |
| CVE-2024-9783 | 2024-10-10 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L B1 | A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disc |
| CVE-2024-9784 | 2024-10-10 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L B1 | A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been |
| CVE-2024-9785 | 2024-10-10 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L B1 | A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclo |
| CVE-2024-9786 | 2024-10-10 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L B1 | A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been |
| CVE-2024-9564 | 2024-10-07 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exp |
| CVE-2024-9565 | 2024-10-07 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Affected by this vulnerability is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The e |
| CVE-2024-9566 | 2024-10-07 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L B1 | A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. This vulnerability affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack can be initiated remotely. The exploit has been |
| CVE-2024-9567 | 2024-10-07 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L B1 | A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. This issue affects the function formAdvFirewall of the file /goform/formAdvFirewall. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has |
| CVE-2024-9568 | 2024-10-07 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L B1 | A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formAdvNetwork of the file /goform/formAdvNetwork. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been d |
| CVE-2024-9569 | 2024-10-07 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L B1 | A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. Th |
| CVE-2024-9570 | 2024-10-07 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-619L B1 | A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has |
| CVE-2024-9549 | 2024-10-06 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remot |
| CVE-2024-9550 | 2024-10-06 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit ha |
| CVE-2024-9551 | 2024-10-06 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formSetWanL2TP of the file /goform/formSetWanL2TP. The manipulation of the argument webpage leads to buffer overflow. The attack can be launched remotely. The e |
| CVE-2024-9552 | 2024-10-06 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been rated as critical. Affected by this issue is the function formSetWanNonLogin of the file /goform/formSetWanNonLogin. The manipulation of the argument webpage leads to buffer overflow. The attack may be launched remotely. The expl |
| CVE-2024-9553 | 2024-10-06 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has |
| CVE-2024-9555 | 2024-10-06 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Affected by this issue is the function formSetEasy_Wizard of the file /goform/formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. |
| CVE-2024-9556 | 2024-10-06 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The |
| CVE-2024-9557 | 2024-10-06 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formSetWanPPPoE of the file /goform/formSetWanPPPoE. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit |
| CVE-2024-9558 | 2024-10-06 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formSetWanPPTP of the file /goform/formSetWanPPTP. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been discl |
| CVE-2024-9559 | 2024-10-06 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has be |
| CVE-2024-9561 | 2024-10-06 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetWAN_Wizard51/formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed |
| CVE-2024-9562 | 2024-10-06 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the publ |
| CVE-2024-9563 | 2024-10-06 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. T |
| CVE-2024-9532 | 2024-10-05 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The explo |
| CVE-2024-9533 | 2024-10-05 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack may be initiated remotely. The exploit has been |
| CVE-2024-9534 | 2024-10-05 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The ex |
| CVE-2024-9535 | 2024-10-05 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched r |
| CVE-2024-9514 | 2024-10-04 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. T |
| CVE-2024-9515 | 2024-10-04 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. This affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been |
| CVE-2024-9004 | 2024-09-19 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DAR-7000 | A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack remotely. The exploit |
| CVE-2024-8460 | 2024-09-05 | 6.3v4.0 | POC | — | High | None | no | 0.0 | DNS-320 | A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01. Affected by this issue is some unknown functionality of the file /cgi-bin/widget_api.cgi of the component Web Management Interface. The manipulation of the argument getHD/getSer/getSys leads to informatio |
| CVE-2024-8461 | 2024-09-05 | 6.9v4.0 | POC | — | Low | None | no | 0.0 | DNS-320 | A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The |
| CVE-2024-8210 | 2024-08-27 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This affe |
| CVE-2024-8211 | 2024-08-27 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been declared as critical. This vulner |
| CVE-2024-8212 | 2024-08-27 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue aff |
| CVE-2024-8213 | 2024-08-27 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the f |
| CVE-2024-8214 | 2024-08-27 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected by this vulne |
| CVE-2024-8127 | 2024-08-24 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This vulnerability aff |
| CVE-2024-8128 | 2024-08-24 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This |
| CVE-2024-8129 | 2024-08-24 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected i |
| CVE-2024-8130 | 2024-08-24 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by t |
| CVE-2024-8131 | 2024-08-24 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this i |
| CVE-2024-8132 | 2024-08-24 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This affe |
| CVE-2024-8133 | 2024-08-24 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been declared as critical. This vulner |
| CVE-2024-8134 | 2024-08-24 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue aff |
| CVE-2024-7922 | 2024-08-19 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this i |
| CVE-2024-7828 | 2024-08-15 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to |
| CVE-2024-7829 | 2024-08-15 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and D |
| CVE-2024-7830 | 2024-08-15 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-15 |
| CVE-2024-7831 | 2024-08-15 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and class |
| CVE-2024-7832 | 2024-08-15 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified |
| CVE-2024-7849 | 2024-08-15 | 8.7v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-15 |
| CVE-2024-7715 | 2024-08-13 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DNR-202LDNR-322LDNR-326DNS-1100-4DNS-120DNS-1200-05DNS-1550-04DNS-315LDNS-320DNS-320L | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240812. It has been c |
| CVE-2024-7436 | 2024-08-03 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DI-8100 | A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to t |
| CVE-2024-7357 | 2024-08-01 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DIR-600 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The |
| CVE-2024-4964 | 2024-05-16 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | DAR-7000-40 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This vulnerability affects unknown code of the file /firewall/urlblist.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated re |
| CVE-2024-3272 | 2024-04-04 | 9.8v3.1 | ACTIVE | Low | None | YES | 40.6 | DNS-320LDNS-325DNS-327LDNS-340L | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The man | |
| CVE-2024-3273 | 2024-04-04 | 7.3v3.1 | ACTIVE | Low | None | YES | 40.6 | DNS-320LDNS-325DNS-327LDNS-340L | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argu | |
| CVE-2024-1786 | 2024-02-23 | 7.5v3.1 | POC | — | Low | None | YES | 0.0 | DIR-600M C1 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DIR-600M C1 3.08. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation of the argument username leads to buffer overflow. The attack may be la |
| CVE-2024-0921 | 2024-01-26 | 4.7v3.1 | POC | — | Low | High | YES | 0.0 | DIR-816 A2 | A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injecti |
| CVE-2024-0769 | 2024-01-21 | 5.3v3.1 | ACTIVE | Low | None | no | 31.2 | DIR-859 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../. | |
| CVE-2024-0717 | 2024-01-19 | 5.3v3.1 | POC | — | Low | None | YES | 0.0 | DAP-1360DIR-1210DIR-1260DIR-2150DIR-300DIR-615DIR-615GFDIR-615SDIR-615TDIR-620 | A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-8 |
| CVE-2023-5322 | 2023-10-01 | 4.7v3.1 | POC | — | Low | High | no | 0.0 | DAR-7000 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/edit_manageadmin.php. The manipulation of the argument id leads to sql injection. The attack may be |
| CVE-2023-5147 | 2023-09-25 | 6.3v3.1 | POC | — | Low | Low | no | 0.0 | DAR-7000 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been classified as critical. This affects an unknown part of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. It is possible to initiate t |
| CVE-2023-5148 | 2023-09-25 | 6.3v3.1 | POC | — | Low | Low | no | 0.0 | DAR-7000DAR-8000 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack |
| CVE-2023-5151 | 2023-09-25 | 6.3v3.1 | POC | — | Low | Low | no | 0.0 | DAR-8000 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-8000 up to 20151231. Affected by this vulnerability is an unknown functionality of the file /autheditpwd.php. The manipulation of the argument hid_id leads to sql injection. The attack can be launched remo |
| CVE-2023-5152 | 2023-09-25 | 6.3v3.1 | POC | — | Low | Low | no | 0.0 | DAR-7000DAR-8000 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation of the argument sql leads to sql injection. The attac |
| CVE-2023-5154 | 2023-09-25 | 6.3v3.1 | POC | — | Low | Low | no | 0.0 | DAR-8000 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. This vulnerability affects unknown code of the file /sysmanage/changelogo.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be ini |
| CVE-2023-5145 | 2023-09-24 | 6.3v3.1 | POC | — | Low | Low | no | 0.0 | DAR-7000 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. The a |
| CVE-2023-5074 | 2023-09-20 | 9.8v3.1 | POC | — | Low | None | YES | 0.0 | D-View 8 | Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28 |
| CVE-2023-4711 | 2023-09-01 | 5.0v3.1 | POC | — | High | Low | no | 0.0 | DAR-8000-10 | A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The c |
Each CVE: 10 pts base (Active only), boosted by:
KEV×2.0AC: Low×1.2PR: None×1.3PR: Low×1.1Auto×1.3