Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Dir-890L Firmware Security Vulnerabilities

cve
cve

CVE-2016-6563

Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818...

9.8CVSS

9.4AI Score

0.967EPSS

2018-07-13 08:29 PM
117
cve
cve

CVE-2017-14948

Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to ...

9.8CVSS

9.8AI Score

0.002EPSS

2019-10-14 06:15 PM
80
cve
cve

CVE-2018-12103

An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being lo...

6.5CVSS

6.4AI Score

0.001EPSS

2018-07-05 08:29 PM
39
cve
cve

CVE-2019-17621

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.

9.8CVSS

9.3AI Score

0.969EPSS

2019-12-30 05:15 PM
348
In Wild
2
cve
cve

CVE-2019-20213

D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.

7.5CVSS

7.3AI Score

0.002EPSS

2020-01-02 02:16 PM
84
cve
cve

CVE-2022-29778

D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php

8.8CVSS

8.9AI Score

0.001EPSS

2022-06-03 09:15 PM
67
6
cve
cve

CVE-2022-30521

The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters ...

9.8CVSS

9.4AI Score

0.004EPSS

2022-06-02 02:15 PM
53
6
cve
cve

CVE-2023-30063

D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass.

7.5CVSS

7.5AI Score

0.002EPSS

2023-05-01 02:15 PM
32