809 matches found
D-Link DIR820LA1_FW105B03 'ping_addr' - OS Command Injection
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. id: CVE-2023-25280 info: name: D-Link DIR820LA1_FW105B03 'ping_addr' - OS Command Injection author: pussycat0x severity:...
D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure
D-LINK DIR-845L DEVICE.ACCOUNT" - "" condition: and - type: status status: - 200 digest: 4a0a00473045022038ad599642f801f5dbb373416b0cfbf826cb8d95bc2341e510cb8656cbb6332a022...
D-Link DIR-868L/817LW - Information Disclosure
D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers are vulnerable to information disclosure vulnerabilities because certain web interfaces do not require authentication. An attacker can get the router's username and password and other information via a DEVICE.ACCOUNT value for SERVICES in...
D-Link DIR-816L 2.x - Cross-Site Scripting
D-Link DIR-816L devices 2.x before 1.10b04Beta02 contain a cross-site scripting vulnerability. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before being printed on the webpage. An attacker can inject arbitrary script in the browser of an unsuspecting us...
D-Link DIR850 ET850-1.08TRb03 - Open Redirect
DLink DIR850 ET850-1.08TRb03 contains an incorrect access control vulnerability in URL redirection, which can be used to mislead users to go to untrusted sites. id: CVE-2021-46379 info: name: D-Link DIR850 ET850-1.08TRb03 - Open Redirect author: 0xAkoko severity: medium description: DLink DIR850...
D-Link DIR-3040 1.13B03 - Information Disclosure
D-Link DIR-3040 1.13B03 is susceptible to information disclosure in the Syslog functionality. A specially crafted HTTP network request can lead to the disclosure of sensitive information. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute...
D-Link Routers - Remote Command Injection
D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for...
D-Link DAR-8000-10 - Command Injection
D-Link DAR-8000-10 version has an operating system command injection vulnerability. The vulnerability originates from the parameter id of the file /app/sys1.php which can lead to operating system command injection. id: CVE-2023-4542 info: name: D-Link DAR-8000-10 - Command Injection author:...
D-Link D-View 8 v2.0.1.28 - Authentication Bypass
Use of a static key to protect a JWT token used in user authentication can allow for an authentication bypass in D-Link D-View 8 v2.0.1.28 id: CVE-2023-5074 info: name: D-Link D-View 8 v2.0.1.28 - Authentication Bypass author: DhiyaneshDK severity: critical description: | Use of a static key t...
D-Link NAS - Command Injection via Name Parameter
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgiuseradd of the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd. The manipulation of the argument name leads to os command...
D-Link DIR-605 - Information Disclosure
An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version - 2.01MT. An attacker can obtain a user name and password by forging a post request to the /getcfg.php page id: CVE-2021-40655 info: name: D-Link DIR-605 - Information Disclosure author: DhiyaneshDK severity: high...
D-Link DIR-816L - Improper Access Control
D-Link DIR-816LFW206b01 is susceptible to improper access control. An attacker can access folders folderview.php and categoryview.php and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-28955 info: name: D-Link DIR-816L - Improper...
D-Link DVG-N5402SP - Local File Inclusion
D-Link DVG-N5402SP is susceptible to local file inclusion in products with firmware W1000CN-00, W1000CN-03, or W2000EN-00. A remote attacker can read sensitive information via a .. dot dot in the errorpage parameter. id: CVE-2015-7245 info: name: D-Link DVG-N5402SP - Local File Inclusion author:...
D-Link DNS-320 - Unauthenticated Remote Code Execution
D-Link DNS-320 FW v2.06B01 Revision Ax is susceptible to a command injection vulnerability in a systemmgr.cgi component. The component does not successfully sanitize the value of the HTTP parameters fntpserver, which in turn leads to arbitrary command execution. id: CVE-2020-25506 info: name:...
D-Link DAP-1620 - Local File Inclusion
D-Link DAP-1620 is susceptible to local file inclusion due to path traversal that can lead to unauthorized reading of internal files /etc/passwd and /etc/shadow. id: CVE-2021-46381 info: name: D-Link DAP-1620 - Local File Inclusion author: 0xAkoko severity: high description: D-Link DAP-1620 is...
EUVD-2026-32860
Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...
CVE-2026-4377
Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...
D-Link DWR-X1820 Security Vulnerability
The D-Link DWR-X1820 is a wireless router produced by D-Link Corporation. The D-Link DWR-X1820 has a security vulnerability. This vulnerability stems from the use of weak default passwords generated from the IMEI number, and no requirement is placed on users to change them. As a result, attackers...
D-Link Routers - Remote Code Execution
D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerability. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who...
D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure
D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices are vulnerable to password disclosure vulnerabilities because the /config/getuser endpoint allows for remote administrator password disclosure. id: CVE-2020-25078 info: name: D-Link DCS-2530L/DCS-2670L - Administrator...