22 matches found
EUVD-2017-5921
Malware in sbrugna...
EUVD-2025-14125
Malicious code in bioql PyPI...
PT-2024-3752 · D Link · D-Link Dir-619L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-619L Rev.B version 2.06B1. Description: A buffer overflow issue in /bin/boa via the formTcpipSetup function of the D-Link DIR-619L router's firmware allows remote authenticated users to trigger a denial of service (DoS) through the...
CVE-2024-25331
DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.03WWb01 suffer from a LAN-Side Unauthenticated Remote Code Execution (RCE) vulnerability elevated from HNAP Stack-Based Buffer Overflow...
D-Link DIR-825 Rev B <= 2.10b02 NULL Pointer Dereference Vulnerability
D-Link DIR-825 Rev. B devices are prone to a NULL pointer dereference vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
CVE-2020-10214
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntpsync.cgi with a sufficiently long parameter ntpserver...
CVE-2018-19988
In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnable parameters are saved in the ShellPath script file without...
CVE-2018-19989
In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth...
Design/Logic Flaw
D-Link DIR-815 REV. B with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01 devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php...
CVE-2018-10106
D-Link DIR-815 REV. B with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01 devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0aPOSTSERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZEDGROUP%3D1 request...
CVE-2018-10107
Affected product: D-Link DIR-815 Rev. B (firmware through 2.07.B01). Vulnerable component: /htdocs/webinc/js/info.php, specifically the RESULT parameter, due to inadequate input/page protection that enables cross-site scripting. Impact: an attacker could exploit the XSS to obtain authentication c...
CVE-2018-10108
The CVE-2018-10108 entry covers a cross-site scripting (XSS) vulnerability in D-Link DIR-815 REV. B devices, reported to affect firmware up to DIR-815_REVB_FIRMWARE_PATCH_2.07.B01, specifically in the Treturn parameter of /htdocs/webinc/js/bsc_sms_inbox.php. Public sources in the connected data c...
Authentication flaw
register_send.php on D-Link DIR-850L REV. B with firmware through FW208WWb02 devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services...
CVE-2017-14417
D-Link DIR-850L REV. B devices (firmware up to FW208WWb02) are affected by CVE-2017-14417 due to register_send.php not requiring authentication, enabling unintended enrollment in mydlink Cloud Services. Root cause: missing auth on register_send.php. Impact: potential attacker could gain access or...
PT-2017-13466 · D Link · D-Link Dir-850L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. A versions through FW114WWb07 h2ab beta1; D-Link DIR-850L REV. B versions through FW208WWb02. Description: The issue concerns the use of a hardcoded private key in the /etc/stunnel.key file across different installations,...
PT-2017-2899 · D Link · D-Link Dir-850L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. B versions through FW208WWb02. Description: The issue is related to a hardcoded password for the Alphanetworks account, which is set to wrgac25 dlink.2013gui dir850l upon device reset. This allows remote attackers to obtai...
CVE-2016-10125
D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session...
D-Link DIR-600 and DIR-300 (rev B) Multiple Vulnerabilities
No description provided by source...
OS-Command Injection via UPnP Interface in multiple D-Link devices
Vendor: D-Link. Devices: DIR-300 rev B / DIR-600 rev B / DIR-645 / DIR-845 / DIR-865 / DAP1522. Vulnerable Firmware Releases: DIR-300 rev B - 2.14b01; DIR-600 - 2.16b01; DIR-645 - 1.04b01; DIR-845 - 1.01b02; DIR-865 - 1.05b03. Other devices and firmware versions may be also...
D-Link DIR-645 / DIR-815 diagnostic.php Command Execution
Some D-Link routers are vulnerable to OS command injection in the web interface. On DIR-645 versions prior to 1.03, authentication isn't needed to exploit it. On version 1.03, authentication is needed in order to trigger the vulnerability, which has been definitively fixed in version 1.04. Other D-Link...