Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-46570

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Dec, 2022 | 00:00
Updated At-15 Apr, 2025 | 03:34
Rejected At-
Credits

D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan3Settings module.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Dec, 2022 | 00:00
Updated At:15 Apr, 2025 | 03:34
Rejected At:
▼CVE Numbering Authority (CNA)

D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan3Settings module.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dlink.com/en/security-bulletin/
N/A
https://hackmd.io/%400dayResearch/r1zsTSmDs
N/A
https://hackmd.io/%400dayResearch/SetWan3Settings_l2tp
N/A
https://hackmd.io/%400dayResearch/SetWan3Settings_pppoe
N/A
https://hackmd.io/%400dayResearch/SetWan3Settings_pptp
N/A
Hyperlink: https://www.dlink.com/en/security-bulletin/
Resource: N/A
Hyperlink: https://hackmd.io/%400dayResearch/r1zsTSmDs
Resource: N/A
Hyperlink: https://hackmd.io/%400dayResearch/SetWan3Settings_l2tp
Resource: N/A
Hyperlink: https://hackmd.io/%400dayResearch/SetWan3Settings_pppoe
Resource: N/A
Hyperlink: https://hackmd.io/%400dayResearch/SetWan3Settings_pptp
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dlink.com/en/security-bulletin/
x_transferred
https://hackmd.io/%400dayResearch/r1zsTSmDs
x_transferred
https://hackmd.io/%400dayResearch/SetWan3Settings_l2tp
x_transferred
https://hackmd.io/%400dayResearch/SetWan3Settings_pppoe
x_transferred
https://hackmd.io/%400dayResearch/SetWan3Settings_pptp
x_transferred
Hyperlink: https://www.dlink.com/en/security-bulletin/
Resource:
x_transferred
Hyperlink: https://hackmd.io/%400dayResearch/r1zsTSmDs
Resource:
x_transferred
Hyperlink: https://hackmd.io/%400dayResearch/SetWan3Settings_l2tp
Resource:
x_transferred
Hyperlink: https://hackmd.io/%400dayResearch/SetWan3Settings_pppoe
Resource:
x_transferred
Hyperlink: https://hackmd.io/%400dayResearch/SetWan3Settings_pptp
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Dec, 2022 | 19:15
Updated At:15 Apr, 2025 | 04:15

D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan3Settings module.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
D-Link Corporation
dlink
>>dir-882_a1_firmware>>1.30b06
cpe:2.3:o:dlink:dir-882_a1_firmware:1.30b06:*:*:*:*:*:*:*
D-Link Corporation
dlink
>>dir-882_a1>>-
cpe:2.3:h:dlink:dir-882_a1:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-787Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://hackmd.io/%400dayResearch/SetWan3Settings_l2tpcve@mitre.org
N/A
https://hackmd.io/%400dayResearch/SetWan3Settings_pppoecve@mitre.org
N/A
https://hackmd.io/%400dayResearch/SetWan3Settings_pptpcve@mitre.org
N/A
https://hackmd.io/%400dayResearch/r1zsTSmDscve@mitre.org
N/A
https://www.dlink.com/en/security-bulletin/cve@mitre.org
Vendor Advisory
https://hackmd.io/%400dayResearch/SetWan3Settings_l2tpaf854a3a-2127-422b-91ae-364da2661108
N/A
https://hackmd.io/%400dayResearch/SetWan3Settings_pppoeaf854a3a-2127-422b-91ae-364da2661108
N/A
https://hackmd.io/%400dayResearch/SetWan3Settings_pptpaf854a3a-2127-422b-91ae-364da2661108
N/A
https://hackmd.io/%400dayResearch/r1zsTSmDsaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.dlink.com/en/security-bulletin/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://hackmd.io/%400dayResearch/SetWan3Settings_l2tp
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://hackmd.io/%400dayResearch/SetWan3Settings_pppoe
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://hackmd.io/%400dayResearch/SetWan3Settings_pptp
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://hackmd.io/%400dayResearch/r1zsTSmDs
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.dlink.com/en/security-bulletin/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://hackmd.io/%400dayResearch/SetWan3Settings_l2tp
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://hackmd.io/%400dayResearch/SetWan3Settings_pppoe
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://hackmd.io/%400dayResearch/SetWan3Settings_pptp
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://hackmd.io/%400dayResearch/r1zsTSmDs
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.dlink.com/en/security-bulletin/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

536Records found
CVE-2022-46569
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.76% / 72.36%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Key parameter in the SetWLanRadioSecurity module.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-882_a1dir-882_a1_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-46562
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.76% / 72.36%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the PSK parameter in the SetQuickVPNSettings module.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-882_a1dir-882_a1_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-46566
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.05% / 76.62%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetQuickVPNSettings module.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-882_a1dir-882_a1_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-46563
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.05% / 76.62%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetDynamicDNSSettings module.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-882_a1dir-882_a1_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-46568
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.05% / 76.62%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the AccountPassword parameter in the SetSysEmailSettings module.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-882_a1dir-882_a1_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-46561
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.05% / 76.62%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWanSettings module.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-882_a1dir-882_a1_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-46560
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.05% / 76.62%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan2Settings module.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-882_a1dir-882_a1_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-4883
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.25% / 48.33%
||
7 Day CHG~0.00%
Published-18 May, 2025 | 14:31
Updated-21 May, 2025 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DI-8100 Connection Limit Page ctxz.asp ctxz_asp stack-based overflow

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been declared as critical. This vulnerability affects the function ctxz_asp of the file /ctxz.asp of the component Connection Limit Page. The manipulation of the argument def/defTcp/defUdp/defIcmp/defOther leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-di-8100g_firmwaredi-8100gDI-8100
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-4544
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.89%
||
7 Day CHG~0.00%
Published-11 May, 2025 | 18:31
Updated-22 May, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DI-8100 jhttpd ddos.asp stack-based overflow

A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd. The manipulation of the argument def_max/def_time/def_tcp_max/def_tcp_time/def_udp_max/def_udp_time/def_icmp_max leads to stack-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult.

Action-Not Available
Vendor-D-Link Corporation
Product-di-8100di-8100_firmwareDI-8100
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-11021
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-90.45% / 99.59%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 00:55
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||The impacted product is end-of-life and should be disconnected if still in use.

setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dcs-930ldcs-930l_firmwaren/aDCS-930L Devices
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-11064
Matching Score-8
Assigner-TWCERT/CC
ShareView Details
Matching Score-8
Assigner-TWCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.79% / 72.85%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 07:35
Updated-15 Nov, 2024 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DSL6740C - OS Command Injection

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.

Action-Not Available
Vendor-D-Link Corporation
Product-dsl6740cdsl6740c_firmwareDSL6740Cdsl6740c_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-11063
Matching Score-8
Assigner-TWCERT/CC
ShareView Details
Matching Score-8
Assigner-TWCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.79% / 72.85%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 07:30
Updated-15 Nov, 2024 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DSL6740C - OS Command Injection

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.

Action-Not Available
Vendor-D-Link Corporation
Product-dsl6740cdsl6740c_firmwareDSL6740Cdsl6740c_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-11066
Matching Score-8
Assigner-TWCERT/CC
ShareView Details
Matching Score-8
Assigner-TWCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.82% / 73.49%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 07:49
Updated-24 Nov, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DSL6740C - OS Command Injection

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page.

Action-Not Available
Vendor-D-Link Corporation
Product-dsl6740cdsl6740c_firmwareDSL6740Cdsl6740c_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-11065
Matching Score-8
Assigner-TWCERT/CC
ShareView Details
Matching Score-8
Assigner-TWCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.79% / 72.85%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 07:45
Updated-15 Nov, 2024 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DSL6740C - OS Command Injection

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.

Action-Not Available
Vendor-D-Link Corporation
Product-dsl6740cdsl6740c_firmwareDSL6740Cdsl6740c_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-11062
Matching Score-8
Assigner-TWCERT/CC
ShareView Details
Matching Score-8
Assigner-TWCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.79% / 72.85%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 07:28
Updated-15 Nov, 2024 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DSL6740C - OS Command Injection

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.

Action-Not Available
Vendor-D-Link Corporation
Product-dsl6740cdsl6740c_firmwareDSL6740Cdsl6740c_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21819
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-1.25% / 78.53%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 10:24
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-3040_firmwaredir-3040D-Link
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-8949
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.09% / 26.21%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 07:02
Updated-18 Aug, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-825 httpd ping_response.cgi get_ping_app_stat stack-based overflow

A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument ping_ipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-825_firmwaredir-825DIR-825
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2012-6613
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.98% / 75.83%
||
7 Day CHG~0.00%
Published-25 Jan, 2020 | 18:46
Updated-06 Aug, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsr-250ndsr-250n_firmwaren/a
CVE-2012-6614
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-8.06% / 91.77%
||
7 Day CHG~0.00%
Published-19 Feb, 2020 | 14:17
Updated-06 Aug, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsr-250ndsr-250n_firmwaren/a
CWE ID-CWE-862
Missing Authorization
CVE-2020-6765
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.79% / 72.91%
||
7 Day CHG~0.00%
Published-10 Apr, 2020 | 18:26
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS commands by placing shell metacharacters after a supported CLI command, as demonstrated by ping -c1 127.0.0.1; cat/etc/passwd. The CLI is reachable by TELNET.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsl-gs225dsl-gs225_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-6842
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-2.09% / 83.33%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 15:55
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dch-m225dch-m225_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-7553
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.09% / 27.19%
||
7 Day CHG+0.03%
Published-13 Jul, 2025 | 23:44
Updated-18 Jul, 2025 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-818LW System Time Page os command injection

A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This affects an unknown part of the component System Time Page. The manipulation of the argument NTP Server leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-818lwdir-818lw_firmwareDIR-818LW
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-29039
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.42% / 61.25%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 00:00
Updated-25 Apr, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823x_firmwaredir-823xn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-2717
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 5.84%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 23:31
Updated-21 May, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-823X HTTP POST Request diag_nslookup sub_41710C os command injection

A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub_41710C of the file /goform/diag_nslookup of the component HTTP POST Request Handler. The manipulation of the argument target_addr leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-823x_firmwaredir-823xDIR-823X
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-25743
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.85% / 82.24%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 00:00
Updated-05 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command injection vulnerability in the SetVirtualServerSettings module.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-853_firmwaredir-853n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-29665
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.91% / 82.57%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR823G_V1.0.2B05 was discovered to contain a stack overflow via the NewPassword parameters in SetPasswdSettings.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823g_firmwaredir-823gn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-29961
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.11%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 00:00
Updated-23 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup,

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-605ldir-605l_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27718
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.55% / 80.70%
||
7 Day CHG~0.00%
Published-09 Apr, 2023 | 00:00
Updated-11 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_498308 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir878dir878_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27719
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.55% / 80.70%
||
7 Day CHG~0.00%
Published-09 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_478360 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir878_firmwaredir878n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27720
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.15% / 77.61%
||
7 Day CHG~0.00%
Published-09 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-878_firmwaredir-878n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24351
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.08% / 83.27%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-605l_firmwaredir-605ln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24346
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.24% / 78.38%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-605l_firmwaredir-605ln/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24348
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.08% / 83.27%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-605l_firmwaredir-605ln/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24345
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.34% / 79.23%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-605l_firmwaredir-605ln/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24350
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.08% / 83.27%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-605l_firmwaredir-605ln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24800
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.68% / 70.67%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 00:00
Updated-13 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-878dir-878_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24352
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 63.78%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-605l_firmwaredir-605ln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24799
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 65.01%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 00:00
Updated-13 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-878dir-878_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-19318
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.42%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 00:00
Updated-26 Sep, 2024 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized attackers execute arbitrary code via sending crafted data to the webserver service program.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-605l_firmwaredir-605ln/adir-605l
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24798
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 65.01%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 00:00
Updated-13 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-878dir-878_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24347
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.49% / 64.66%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-605l_firmwaredir-605ln/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25282
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.50% / 65.01%
||
7 Day CHG~0.00%
Published-15 Mar, 2023 | 00:00
Updated-27 Feb, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.log_to_syslog and log_opt_dropPackets parameters to mydlink_api.ccp.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-820l_firmwaredir-820ln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24797
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.15% / 77.61%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 00:00
Updated-13 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack overflow in the sub_48AC20 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-882_a1_firmwaredir-882_a1n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24344
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.41% / 84.48%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-605l_firmwaredir-605ln/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25283
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.15%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 00:00
Updated-27 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the reserveDHCP_HostName_1.1.1.0 parameter to lan.asp.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-820l_firmwaredir-820ln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24349
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.08% / 83.27%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-605l_firmwaredir-605ln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25281
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.02%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow vulnerability exists in pingV4Msg component in D-Link DIR820LA1_FW105B03, allows attackers to cause a denial of service via the nextPage parameter to ping.ccp.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir820la1dir820la1_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-55599
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.41%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 00:00
Updated-26 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the parameter f_wds_wepKey.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-619l_firmwaredir-619ln/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15892
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.92% / 75.05%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 18:56
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length of 15 characters. The problem is that validation is being done on the client side, hence it can be bypassed. When an attacker manages to intercept the login request (POST based) and tampers with the vulnerable parameter (log_pass), to a larger length, the request will be forwarded to the webserver. This results in a stack-based buffer overflow. A few other POST variables, (transferred as part of the login request) are also vulnerable: html_response_page and log_user.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dap-1520dap-1520_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CVE-2022-46475
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-28.20% / 96.32%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-645_firmwaredir-645n/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found