Link Security Vulnerabilities
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get ' function and cause memory corruption. Furthermore, it is possible to redirect the flow of.....
8.8CVSS
8.8AI Score
0.001EPSS
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show ' function and cause memory corruption. Furthermore, it is possible to redirect the flow...
8.8CVSS
8.8AI Score
0.001EPSS
D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common...
6.1CVSS
6.2AI Score
0.001EPSS
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin...
9.8CVSS
9.5AI Score
0.005EPSS
Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user...
5.4CVSS
5.2AI Score
0.001EPSS
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative...
9.8CVSS
9.5AI Score
0.006EPSS
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage...
7.5CVSS
8.1AI Score
0.964EPSS
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet ' function and cause memory corruption. Furthermore, it is possible to redirect.....
8.8CVSS
8.8AI Score
0.001EPSS
D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf...
9.8CVSS
9.6AI Score
0.003EPSS
In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability affects D-Link DIR-822 B1 202KRb06 devices. In the SetWiFiVerifyAlpha.php source code, the WPSPIN parameter is saved in the $rphyinf1."/media/wps/enrollee/pin" and...
9.8CVSS
9.4AI Score
0.014EPSS
D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return...
9.8CVSS
10AI Score
0.013EPSS
On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary...
9.8CVSS
9.7AI Score
0.01EPSS
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing...
6.1CVSS
6AI Score
0.001EPSS
D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute...
7.2CVSS
7.3AI Score
0.004EPSS
Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified...
9.8CVSS
9.1AI Score
0.004EPSS
CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other...
8.8CVSS
9.2AI Score
0.001EPSS
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read ' function and cause memory corruption. Furthermore, it is possible to redirect the flow...
8.8CVSS
8.8AI Score
0.001EPSS
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset ' function and cause memory corruption. Furthermore, it is possible to redirect the...
8.8CVSS
8.8AI Score
0.001EPSS
An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in with a blank...
9.8CVSS
9.2AI Score
0.005EPSS
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password...
9.8CVSS
9.6AI Score
0.005EPSS
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin...
7.2CVSS
7.4AI Score
0.002EPSS
Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to...
8.8CVSS
8.9AI Score
0.003EPSS
D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer...
8.8CVSS
8.6AI Score
0.002EPSS
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or...
8.8CVSS
8.7AI Score
0.001EPSS
Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI...
8CVSS
8.5AI Score
0.003EPSS
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit ' function and cause memory corruption. Furthermore, it is possible to redirect the...
8.8CVSS
8.8AI Score
0.001EPSS
In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without...
9.8CVSS
9.7AI Score
0.35EPSS
An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP...
9.8CVSS
9.7AI Score
0.006EPSS
XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid...
6.1CVSS
6AI Score
0.003EPSS
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a...
7.5CVSS
7.7AI Score
0.001EPSS
On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library...
9.8CVSS
9.5AI Score
0.688EPSS
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to...
7.2CVSS
7.3AI Score
0.02EPSS
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host...
9.8CVSS
9.8AI Score
0.015EPSS
4.8CVSS
4.9AI Score
0.002EPSS
The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary...
9.8CVSS
9.5AI Score
0.006EPSS
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username...
6.1CVSS
6AI Score
0.001EPSS
D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected...
9.8CVSS
9.5AI Score
0.003EPSS
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive...
9.8CVSS
9.2AI Score
0.012EPSS
On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1)....
9.8CVSS
9.7AI Score
0.015EPSS
An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64...
7CVSS
6.8AI Score
0.001EPSS
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the getpage parameter provided to the....
6.5CVSS
6.1AI Score
0.004EPSS
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by...
8.8CVSS
8.8AI Score
0.005EPSS
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:page parameter provided to the...
8.8CVSS
8.8AI Score
0.005EPSS
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the...
8.8CVSS
8.8AI Score
0.005EPSS
In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth...
9.8CVSS
9.4AI Score
0.015EPSS
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject...
7.6AI Score
0.002EPSS
TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password...
7.5CVSS
7.5AI Score
0.013EPSS
TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential.....
5.7CVSS
5.4AI Score
0.001EPSS
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP...
6.5CVSS
6.3AI Score
0.001EPSS
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by....
8.8CVSS
8AI Score
0.0005EPSS