CVE-2025-63932

D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. The unauthenticated remote attacker can execute the shell command...

D-Link DIR-852 HNAP1 File Command Injection Vulnerability

D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting Xunlei remote download function. The D-Link DIR-852 suffers from a command injection vulnerability that stems from the failure of file /HNAP1/ to properly filter...

EUVD-2025-30398

Malicious code in bioql PyPI...

CVE-2023-44406

D-Link DAP-1325 SetAPLanSettings DeviceName Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

D-Link DIR-2640 安全漏洞

The D-Link DIR-2640 is a high power Wi-Fi router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-2640 that stems from a HNAP PrivateLogin authentication bypass vulnerability...

The vulnerability of the prog.cgi component in D-Link DIR-3040 wireless router software allows a hacker to execute arbitrary code.

The vulnerability of the prog.cgi component in D-Link DIR-3040 wireless router software lies in the fact that the operation’s output escapes the buffer and is stored in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted HNAP...

The vulnerability of the SetWan2Settings() function in D-Link DIR-3040 wireless router software allows a hacker to execute arbitrary code.

The vulnerability of the SetWan2Settings function in D-Link DIR-3040 wireless router microprogramming software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted HNAP...

The vulnerability of the HNAP1 protocol implementation in the microprogramming-based router software of D–Link DIR-823G allows a attacker to cause a service failure.

The vulnerability of the HNAP1 protocol implementation in the microprogrammed software for D–Link DIR-823G routers is related to the escape operation from the buffer boundaries in memory when processing the SetParentsControlInfo parameter. Exploiting this vulnerability allows a remote attacker to...

PT-2023-8308 · D Link · D-Link Dir-X3260

Name of the Vulnerable Software and Affected Versions: D-Link DIR-X3260 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. The specific flaw exists within the prog.cgi binary,...

D-Link DIR-846 安全漏洞

The D-Link DIR-846 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-846 v1.00A52, which originates from allowing malicious commands to be injected via the tomographypingaddress parameter in the HNAP1 interface...

The vulnerability of the HNAP1 protocol implementation in D-Link DIR-878 microprogrammable router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the HNAP1 protocol implementation in D-Link DIR-878 microprogrammed router software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protecte...

The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microsoftware allows a attacker to execute arbitrary code.

The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microprogramming software is related to the lack of measures to sanitize input data during the processing of the LocalIPAddress parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrar...

The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microsoftware allows a attacker to execute arbitrary code.

The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microprogramming software is related to the lack of measures to sanitize input data during the processing of the PrefixLen parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary cod...

PT-2023-3481 · D Link · D-Link Dir-823G

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G firmware version 1.02B05 Description: The issue is related to a buffer overflow in the implementation of the HNAP1 protocol in the D-Link DIR-823G router's firmware. This occurs when processing the SetParentsControlInfo...

The vulnerability of the Home Network Administration Protocol (HNAP) implementation in D-Link DIR-1935 router microsoftware allows a hacker to circumvent security restrictions.

The vulnerability of the Home Network Administration Protocol HNAP implementation in D-Link DIR-1935 router microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions remotely...

CVE-2021-45998

D-Link device DIR882 DIR882FW1.30B06Hotfix02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request...

CVE-2020-25367

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login...

D-Link DIR-822 Buffer Overflow Vulnerability

The D-Link DIR-822 is an AC1200 Wi-Fi router. A buffer overflow vulnerability exists in the D-Link DIR-822 v.202KRb06 and earlier versions. An attacker can exploit this vulnerability to cause a buffer overflow via the long MacAddress data in the /HNAP1/SetClientInfo HNAP protocol message...

CVE-2020-15633

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP...

D-Link DIR-842 Authentication Vulnerability

The D-Link DIR-842 is a wireless router from AUO D-Link of Taiwan, China. A security vulnerability exists in the HNAP GetCAPTCHAsetting request processing in the D-Link DIR-842. The vulnerability originates from a network system or product that does not properly authenticate a user's identity. An...