Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-7052

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 Feb, 2020 | 13:49
Updated At-06 Aug, 2024 | 17:53
Rejected At-
Credits

D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 Feb, 2020 | 13:49
Updated At:06 Aug, 2024 | 17:53
Rejected At:
▼CVE Numbering Authority (CNA)

D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/90902
x_refsource_MISC
https://www.securityfocus.com/bid/65290
x_refsource_MISC
Hyperlink: http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt
Resource:
x_refsource_MISC
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/90902
Resource:
x_refsource_MISC
Hyperlink: https://www.securityfocus.com/bid/65290
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt
x_refsource_MISC
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/90902
x_refsource_MISC
x_transferred
https://www.securityfocus.com/bid/65290
x_refsource_MISC
x_transferred
Hyperlink: http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/90902
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.securityfocus.com/bid/65290
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:04 Feb, 2020 | 14:15
Updated At:26 Apr, 2023 | 19:27

D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
D-Link Corporation
dlink
>>dir-100_firmware>>4.03b07
cpe:2.3:o:dlink:dir-100_firmware:4.03b07:*:*:*:*:*:*:*
D-Link Corporation
dlink
>>dir-100>>-
cpe:2.3:h:dlink:dir-100:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-522Primarynvd@nist.gov
CWE ID: CWE-522
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://pigstarter.krebsco.de/report/2013-12-18_dir100.txtcve@mitre.org
Exploit
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/90902cve@mitre.org
VDB Entry
https://www.securityfocus.com/bid/65290cve@mitre.org
Third Party Advisory
VDB Entry
Hyperlink: http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/90902
Source: cve@mitre.org
Resource:
VDB Entry
Hyperlink: https://www.securityfocus.com/bid/65290
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

753Records found
CVE-2020-13787
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.64% / 69.49%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 16:22
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-865l_firmwaredir-865ln/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-28915
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-33.42% / 96.78%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 13:16
Updated-03 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-816_firmwaredir-816n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-13783
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.64% / 69.49%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 16:23
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-865l_firmwaredir-865ln/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-29324
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.87% / 82.37%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 13:16
Updated-03 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-816_firmwaredir-816n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-13136
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.22%
||
7 Day CHG~0.00%
Published-18 May, 2020 | 16:05
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsp-w215dsp-w215_firmwaren/a
CVE-2023-51987
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.17%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-822dir-822_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-13784
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 76.80%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 16:23
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-865l_firmwaredir-865ln/a
CWE ID-CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
CVE-2022-29322
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.87% / 82.37%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 13:16
Updated-03 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-816_firmwaredir-816n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-13785
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.15%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 16:22
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-865l_firmwaredir-865ln/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-29329
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.66% / 93.00%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 13:16
Updated-03 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dap-1330_firmwaredap-1330n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-45576
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.12% / 92.34%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-17 Sep, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-7200gdi-7200g_firmwaredi-7100g_firmwaredi-7100g\+di-7100gdi-7300g\+_firmwaredi-7400g\+di-7003g_firmwaredi-7200g\+di-7003gdi-7400g\+_firmwaredi-7300g\+di-7200g\+_firmwaredi-7100g\+_firmwaren/adi-7300g.v2.d1di-7400g.v2.d1di-7100gv2.d1di-7200g.v2.d1di-7003gv2.d1di-7200gv2.e1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-29327
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.50% / 80.36%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 13:16
Updated-03 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-816_firmwaredir-816n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27113
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-28.61% / 96.36%
||
7 Day CHG~0.00%
Published-14 Apr, 2021 | 13:53
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-816_firmwaredir-816n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-28955
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-89.59% / 99.53%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 11:50
Updated-03 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-816l_firmwaredir-816ln/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-46476
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-62.91% / 98.32%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-859_a1dir-859_a1_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-47035
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 54.86%
||
7 Day CHG~0.00%
Published-31 Jan, 2023 | 00:00
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-825dir-825_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-12767
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.94% / 75.30%
||
7 Day CHG~0.00%
Published-21 Mar, 2020 | 00:16
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dap-1650dap-1650_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-45578
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.12% / 92.34%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-18 Sep, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-7200gdi-7200g_firmwaredi-7100g_firmwaredi-7100g\+di-7100gdi-7300g\+_firmwaredi-7400g\+di-7003g_firmwaredi-7200g\+di-7003gdi-7400g\+_firmwaredi-7300g\+di-7200g\+_firmwaredi-7100g\+_firmwaren/adi-7100g.v2.d1di-7300g_plus_v2.d1di-7400g_plus_v2.d1di-7100gv2.d1di-7200g_plus_v2.d1di-7003gv2.d1di-7200gv2.e1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21820
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-2.00% / 82.93%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 10:24
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-3040_firmwaredir-3040D-Link
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-45580
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.12% / 92.34%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-16 Oct, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-7200gdi-7200g_firmwaredi-7100g_firmwaredi-7100g\+di-7100gdi-7300g\+_firmwaredi-7400g\+di-7003g_firmwaredi-7200g\+di-7003gdi-7400g\+_firmwaredi-7300g\+di-7200g\+_firmwaredi-7100g\+_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-45573
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.94% / 91.69%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-17 Sep, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-7200gdi-7200g_firmwaredi-7100g_firmwaredi-7100g\+di-7100gdi-7300g\+_firmwaredi-7400g\+di-7003g_firmwaredi-7200g\+di-7003gdi-7400g\+_firmwaredi-7300g\+di-7200g\+_firmwaredi-7100g\+_firmwaren/adi-7100g.v2.d1di-7300g.v2.d1di-7400g.v2.d1di-7100gv2.d1di-7200g.v2.d1di-7003gv2.d1di-7200gv2.e1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44832
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-19.93% / 95.25%
||
7 Day CHG~0.00%
Published-14 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-3040_firmwaredir-3040n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-45572
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.15% / 91.82%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-02 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-7200gdi-7200g_firmwaredi-7100gdi-7100g\+di-7100g_firmwaredi-7300g\+_firmwaredi-7400g\+di-7003g_firmwaredi-7200g\+di-7003gdi-7400g\+_firmwaredi-7300g\+di-7200g\+_firmwaredi-7100g\+_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-45574
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-13.41% / 93.92%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-17 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-7200gdi-7200g_firmwaredi-7100gdi-7100g\+di-7100g_firmwaredi-7300g\+_firmwaredi-7400g\+di-7003g_firmwaredi-7200g\+di-7003gdi-7400g\+_firmwaredi-7300g\+di-7200g\+_firmwaredi-7100g\+_firmwaren/adi-7100g.v2.d1di-7300g.v2.d1di-7400g.v2.d1di-7100gv2.d1di-7200g.v2.d1di-7003gv2.d1di-7200gv2.e1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44804
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 61.31%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-882_firmwaredir-882n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21817
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-2.35% / 84.28%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 10:24
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-3040_firmwaredir-3040D-Link
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-25744
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 64.72%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 00:00
Updated-05 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetDynamicDNSSettings module.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-853_firmwaredir-853n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-8361
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.03% / 99.89%
||
7 Day CHG~0.00%
Published-01 May, 2015 | 00:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-09||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

Action-Not Available
Vendor-atermn/aD-Link CorporationRealtek Semiconductor Corp.
Product-w300pdir-900ldir-615dir-605l_firmwaredir-619l_firmwarewg1800hp3_firmwaredir-600l_firmwarewg1900hp2w1200exw1200ex-mswf800hpwg1200hp3wf300hp2_firmwarewg1200hp_firmwarew1200ex-ms_firmwarewg1800hp3wg1800hp4dir-809_firmwaredir-900l_firmwaredir-515dir-809wg1900hp2_firmwarewg1900hpwf300hp2dir-501_firmwarew500pdir-501wr8165n_firmwaredir-600lwg1200hs2_firmwaredir-905lwg1200hp2wr8165nrealtek_sdkwg1200hp2_firmwaredir-619lwf800hp_firmwarewg1900hp_firmwaredir-615_firmwarewg1200hpdir-605ldir-515_firmwarewg1200hp3_firmwarewg1200hs_firmwarew300p_firmwarewg1200hswg1800hp4_firmwaredir-905l_firmwarewg1200hs2w500p_firmwarew1200ex_firmwaren/aSDK
CVE-2013-4857
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.32% / 79.08%
||
7 Day CHG~0.00%
Published-25 Oct, 2019 | 15:36
Updated-06 Aug, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-865L has PHP File Inclusion in the router xml file.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-865l_firmwaredir-865ln/a
CWE ID-CWE-91
XML Injection (aka Blind XPath Injection)
CVE-2023-4542
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-92.32% / 99.71%
||
7 Day CHG~0.00%
Published-25 Aug, 2023 | 21:31
Updated-02 Aug, 2024 | 07:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAR-8000-10 sys1.php os command injection

A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238047. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-D-Link Corporation
Product-dar-8000-10dar-8000-10_firmwareDAR-8000-10
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-20697
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 67.80%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 00:20
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1880acdap-1880ac_firmwareDAP-1880AC
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-45577
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.15% / 91.82%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-18 Sep, 2024 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-7200gdi-7200g_firmwaredi-7100g_firmwaredi-7100g\+di-7100gdi-7300g\+_firmwaredi-7400g\+di-7003g_firmwaredi-7200g\+di-7003gdi-7400g\+_firmwaredi-7300g\+di-7200g\+_firmwaredi-7100g\+_firmwaren/adi-7300g_plus_v2.d1di-7400g_plus_v2.d1di-7200g_plus_v2.d1di-7100gv2.d1di-7003gv2.d1di-7200gv2.e1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-45575
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.12% / 92.34%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-17 Sep, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-7200gdi-7200g_firmwaredi-7100g_firmwaredi-7100g\+di-7100gdi-7300g\+_firmwaredi-7400g\+di-7003g_firmwaredi-7200g\+di-7003gdi-7400g\+_firmwaredi-7300g\+di-7200g\+_firmwaredi-7100g\+_firmwaren/adi-7100g.v2.d1di-7300g.v2.d1di-7400g.v2.d1di-7100gv2.d1di-7200g.v2.d1di-7003gv2.d1di-7200gv2.e1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-45579
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.12% / 92.34%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-18 Sep, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-7200gdi-7200g_firmwaredi-7100g_firmwaredi-7100g\+di-7100gdi-7300g\+_firmwaredi-7400g\+di-7003g_firmwaredi-7200g\+di-7003gdi-7400g\+_firmwaredi-7300g\+di-7200g\+_firmwaredi-7100g\+_firmwaren/adi-7100g.v2.d1di-7300g_plus_v2.d1di-7400g_plus_v2.d1di-7200g_plus_v2.d1di-700g_plus_v2.d1di-7003gv2.d1di-7200gv2.e1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9284
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.56% / 91.45%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 19:00
Updated-16 Sep, 2024 | 22:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-singapore_starhub_firmwaredir-868ln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-44809
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.45% / 84.60%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-17 Sep, 2024 | 02:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-820l_firmwaredir-820ln/adir-820l
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-43201
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.91% / 82.57%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-7200gdi-7200g_firmwaren/adi-7200gv2.e1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-43869
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.35% / 86.82%
||
7 Day CHG~0.00%
Published-28 Sep, 2023 | 00:00
Updated-23 Sep, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-619ldir-619l_firmwaren/adir-619l
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-44693
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.58% / 92.97%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 00:00
Updated-16 Sep, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /importexport.php.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dar-7000_firmwaredar-7000n/adar-7000
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-10026
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.33% / 55.01%
||
7 Day CHG~0.00%
Published-13 Jan, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dap-1360_firmwaredap-1360n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-7471
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-35.75% / 96.95%
||
7 Day CHG+9.14%
Published-11 Jun, 2019 | 20:46
Updated-06 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-645_firmwaredir-845dir-845_firmwaredir-865_firmwaredir-300dir-865dir-600dir-645dir-300_firmwaredir-600_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-44808
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.30% / 88.43%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-16 Sep, 2024 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_4507CC function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-820l_firmwaredir-820ln/adir-820l
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-44807
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.25% / 86.62%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-820l_firmwaredir-820ln/adir-820l
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-7860
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.64% / 69.59%
||
7 Day CHG~0.00%
Published-25 Aug, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dns-327ldns-320l_firmwaredns-320ldns-327l_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2023-44694
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 35.81%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 00:00
Updated-16 Sep, 2024 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /log/mailrecvview.php.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dar-7000_firmwaredar-7000n/adar-7000
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-43199
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.11%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-7200gdi-7200g_firmwaren/adi-7200gv2.e1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15894
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.69% / 81.46%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 18:55
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-816l_firmwaredir-816ln/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-43206
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-1.61% / 81.00%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dwl-6610apdwl-6610ap_firmwaren/adwl-6610ap_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-43129
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.09% / 77.03%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-806dir-806_firmwaren/adir-806_1200m11ac
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-43202
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-1.50% / 80.36%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dwl-6610apdwl-6610ap_firmwaren/adwl-6610ap_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 15
  • 16
  • Next
Details not found