Dir-850l Security Vulnerabilities
An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en...
9.8CVSS
9.4AI Score
0.002EPSS
D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A before v1.21B08Beta, DIR-850L B before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication...
9.8CVSS
9.6AI Score
0.002EPSS
D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A before v1.21B08Beta, DIR-850L B before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command...
8.8CVSS
8.8AI Score
0.002EPSS
An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without...
7.5CVSS
7.5AI Score
0.001EPSS
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted...
6.1CVSS
6.1AI Score
0.004EPSS
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration...
7.5CVSS
7.6AI Score
0.017EPSS
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER...
9.8CVSS
9.7AI Score
0.013EPSS
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06),...
7.5CVSS
7.6AI Score
0.006EPSS
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822,...
9.8CVSS
9.4AI Score
0.967EPSS
An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or...
9.8CVSS
9.6AI Score
0.926EPSS
Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP...
8.8CVSS
8.9AI Score
0.003EPSS
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of...
7.5CVSS
8AI Score
0.003EPSS
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection...
7.5CVSS
8AI Score
0.008EPSS
The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud...
8.1CVSS
8.9AI Score
0.005EPSS
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd*...
7.8CVSS
8.3AI Score
0.001EPSS
D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET...
9.8CVSS
9.4AI Score
0.012EPSS
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN...
7.5CVSS
7.8AI Score
0.003EPSS
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target)...
7.8CVSS
8.3AI Score
0.001EPSS
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd...
7.8CVSS
8.3AI Score
0.001EPSS
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to...
6.1CVSS
6.5AI Score
0.001EPSS
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to...
6.1CVSS
6.5AI Score
0.001EPSS
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to...
6.1CVSS
6.5AI Score
0.001EPSS
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to...
6.1CVSS
6.5AI Score
0.001EPSS
register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud...
9.8CVSS
9.4AI Score
0.006EPSS
The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files...
9.8CVSS
9.9AI Score
0.015EPSS
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also.....
5.9CVSS
6.6AI Score
0.004EPSS
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd...
7.8CVSS
8.3AI Score
0.001EPSS
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root...
7.8CVSS
8.3AI Score
0.001EPSS
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive...
5.9CVSS
6.1AI Score
0.001EPSS
Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before...
9.8CVSS
9.9AI Score
0.024EPSS