CVE-2025-63932

D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. The unauthenticated remote attacker can execute the shell command...

D-Link DIR-852 HNAP1 File Command Injection Vulnerability

D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting Xunlei remote download function. The D-Link DIR-852 suffers from a command injection vulnerability that stems from the failure of file /HNAP1/ to properly filter...

EUVD-2025-30398

Malicious code in bioql PyPI...

CVE-2023-44406

D-Link DAP-1325 SetAPLanSettings DeviceName Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

D-Link DIR-2640 安全漏洞

The D-Link DIR-2640 is a high power Wi-Fi router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-2640 that stems from a HNAP PrivateLogin authentication bypass vulnerability...

PT-2023-8308 · D Link · D-Link Dir-X3260

Name of the Vulnerable Software and Affected Versions: D-Link DIR-X3260 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. The specific flaw exists within the prog.cgi binary,...

D-Link DIR-846 安全漏洞

The D-Link DIR-846 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-846 v1.00A52, which originates from allowing malicious commands to be injected via the tomographypingaddress parameter in the HNAP1 interface...

PT-2023-3481 · D Link · D-Link Dir-823G

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G firmware version 1.02B05 Description: The issue is related to a buffer overflow in the implementation of the HNAP1 protocol in the D-Link DIR-823G router's firmware. This occurs when processing the SetParentsControlInfo...

CVE-2020-25367

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login...

D-Link DIR-822 Buffer Overflow Vulnerability

The D-Link DIR-822 is an AC1200 Wi-Fi router. A buffer overflow vulnerability exists in the D-Link DIR-822 v.202KRb06 and earlier versions. An attacker can exploit this vulnerability to cause a buffer overflow via the long MacAddress data in the /HNAP1/SetClientInfo HNAP protocol message...

CVE-2020-15633

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP...

D-Link DIR-842 Authentication Vulnerability

The D-Link DIR-842 is a wireless router from AUO D-Link of Taiwan, China. A security vulnerability exists in the HNAP GetCAPTCHAsetting request processing in the D-Link DIR-842. The vulnerability originates from a network system or product that does not properly authenticate a user's identity. An...

D-Link DIR-867, DIR-878 and DIR-882 HNAP Authentication Bypass Vulnerability

The D-Link DIR-867, DIR-878, and DIR-882 are wireless router products from AUO D-Link of Taiwan, China.HNAP is the existence of a protocol called HNAP Home Network Administration Protocol. A security vulnerability exists in the processing of HNAP login requests in the D-Link DIR-867, DIR-878, and...

CVE-2019-17146

This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the...

DEBIAN-CVE-2018-16228

The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:printprefix...

VulnCheck KEV: CVE-2015-2052

Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface...

D-Link DIR-866L 'HNAP' and 'Send Email' Function Buffer Overflow Vulnerability

D-Link DIR-866L is a wireless router product from AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-866L. An attacker can exploit this vulnerability to execute arbitrary code in an affected application, which may also result in a denial of service...