CVE-2025-60344

A path traversal directory traversal vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used for file or directory path resolution e.g., via sequences such as “../”. Successful exploitation may allow access to files outside of the...

CVE-2025-60344

CVE-2025-60344 describes a path traversal vulnerability in the D-Link DSR series (DSR-150, DSR-150N, DSR-250N v1.09B32_WW). Unauthenticated remote attackers can manipulate file/directory path resolution (e.g., via “../”) due to insufficient input validation, potentially exposing sensitive system ...

D-Link DSR-150 安全漏洞

D-Link DSR-150 is a Unified Services Router from China AUO D-Link. A security vulnerability exists in the D-Link DSR-150 v1.09B32WWW, which stems from an unauthenticated local file inclusion vulnerability that could allow a remote attacker to gain access to sensitive configuration files in...

CVE-2025-60344

A path traversal directory traversal vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used for file or directory path resolution e.g., via sequences such as “../”. Successful exploitation may allow access to files outside of the...

CVE-2025-60344

A path traversal directory traversal vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used for file or directory path resolution e.g., via sequences such as “../”. Successful exploitation may allow access to files outside of the...

EUVD-2020-18409

Malware in sbrugna...

EUVD-2012-6459

Malware in sbrugna...

EUVD-2012-6460

Malware in sbrugna...

EUVD-2013-5778

Malware in sbrugna...

EUVD-2020-18408

Malware in sbrugna...

CVE-2021-39615

D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying...

CVE-2020-25759

An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests...

CVE-2020-18568

The D-Link DSR-250 3.14 DSR-1000N 2.11B201 UPnP service contains a command injection vulnerability, which can cause remote command execution...

CVE-2020-26567

An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes...

CVE-2020-25758

An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root...

Exploit for Classic Buffer Overflow in Dlink Dsr-150_Firmware

CVE-2024-57376 Pre-auth remote code execution exploit for D-L...

The vulnerability of D-Link DSR series router microprogramming software, related to the execution of operations beyond the buffer in memory, allows a hacker to execute arbitrary code.

The vulnerability of D-Link DSR series router microprogramming software lies in the fact that the operation data is written outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVE-2024-57376

CVE-2024-57376 affects D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N with firmware versions 3.13–3.17B901C. The root cause is a buffer overflow in the CGI logout handling path triggered via extCpResult passed to captivePortalLib.duaLogoutInfoGet, using strcpy on user input,...

PT-2025-3435 · D Link · Dsr-250 +4

Name of the Vulnerable Software and Affected Versions: D-Link DSR-150 versions 3.13 through 3.17B901C D-Link DSR-150N versions 3.13 through 3.17B901C D-Link DSR-250 versions 3.13 through 3.17B901C D-Link DSR-250N versions 3.13 through 3.17B901C D-Link DSR-500N versions 3.13 through 3.17B901C D-Li...

The vulnerability of the /etc/passwd component in the D-Link DSR-500N router’s microprogramming system allows a hacker to gain access to the device’s basic embedded Linux operating system.

The vulnerability of the /etc/passwd component in the D-Link DSR-500N router’s microprogramming system is related to the use of pre-installed user accounts. Exploiting this vulnerability could allow a malicious actor to gain access to the device’s basic embedded Linux operating system...