28 matches found
D-Link home routers plagued with critical & multiple vulnerabilities
By Sudais Asif A total of 6 vulnerabilities in D-Link's DIR-865L which is geared towards home network usage This is a post from HackRead.com Read the original post: D-Link home routers plagued with critical & multiple vulnerabilities...
CVE-2020-13783
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information...
CVE-2020-13784
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator...
CVE-2020-13786
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF...
CVE-2020-13787
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information...
Information disclosure
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information...
CVE-2020-13783
CVE-2020-13783 affects the D-Link DIR-865L Ax firmware 1.20B01 Beta. The root cause is cleartext storage of sensitive information in the device, enabling information disclosure if storage is accessed. Multiple sources (CNVD, Red Hat) classify this as an information disclosure vulnerability. No re...
CVE-2020-13784
CVE-2020-13784 concerns the D-Link DIR-865L Ax router with firmware 1.20B01 Beta, where the pseudo-random number generator uses a predictable seed. The connected CNVD entry confirms a security feature issue vulnerability for the same device/firmware, citing the easily guessable PRNG seed as the u...
CVE-2020-13785
CVE-2020-13785 affects D-Link DIR-865L Ax with firmware 1.20B01 Beta. The vulnerability is described as Inadequate Encryption Strength in the device’s SharePort/Web access context, impacting confidentiality. Affected version is explicitly 1.20B01 Beta; CVSS v3.1 base score is 7.5 (HIGH). Connecte...
CVE-2020-13786
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF...
CVE-2020-13786
CVE-2020-13786 refers to a CSRF vulnerability in D-Link DIR-865L Ax, version 1.20B01 Beta. Root cause per CNVD: failure to properly validate user input in the router’s web interface, enabling cross-site requests to perform unauthorized operations. Related material notes a possible path for sessio...
CVE-2020-13787
CVE-2020-13787 affects D-Link DIR-865L Ax devices with firmware 1.20B01 Beta, where sensitive information can be disclosed due to cleartext transmission over the network. The connected sources describe an information-disclosure vulnerability and a potential for attackers to sniff traffic to obtai...
CVE-2013-4857
D-Link DIR-865L has PHP File Inclusion in the router xml file...
Design/Logic Flaw
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share...
CVE-2013-4855
CVE-2013-4855 describes a SMB Symlink Traversal in D-Link DIR-865L caused by SMB service misconfiguration that allows symbolic links to escape the Samba share. Primary sources (NVD, Red Hat, CNVD, CVE List) concur on the affected device and vulnerability class; CVSS v3.1 base score 8.8 (HIGH) wit...
CVE-2013-4856
Technical details about CVE-2013-4856 for D-Link DIR-865L are not publicly provided in the supplied documents. Monitor for updates from vendors and security feeds; current records only note information disclosure without specifics on affected versions, vectors, or fixes.
D-Link DIR Routers Multiple Cookie Disclosure Vulnerabilities (Mar 2018)
D-Link Routers DIR-860L, DIR-865L and DIR-868L are prone to multiple cookie disclosure vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Cross site scripting
XSS vulnerability in htdocs/webinc/js/advparentctrlmap.php in D-Link DIR-868L DIR868LA1FW112b04 and previous versions, DIR-865L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and previous versions allows remote attackers to read a cookie via a crafted...
CVE-2018-6527
XSS vulnerability in htdocs/webinc/js/advparentctrlmap.php in D-Link DIR-868L DIR868LA1FW112b04 and previous versions, DIR-865L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and previous versions allows remote attackers to read a cookie via a crafted...
CVE-2018-6528
XSS vulnerability in htdocs/webinc/body/bscsmssend.php in D-Link DIR-868L DIR868LA1FW112b04 and previous versions, DIR-865L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver...