19 matches found
CVE-2019-16920
CVE-2019-16920 is an unauthenticated remote code execution flaw in D-Link consumer routers (DIR-655C, DIR-866L, DIR-652, DHP-1565, DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, DIR-825, and others) triggered by arbitrary input to the PingTest CGI, allowing command injection and full system comp...
CVE-2014-8361
CVE-2014-8361 affects Realtek SDK’s miniigd UPnP SOAP service. The root cause is improper input validation in the NewInternalClient handling, enabling a remote attacker to execute arbitrary code. The description notes exploitation in the wild through 2023. Related sources indicate this vulnerabil...
CVE-2024-0717
Affects a wide range of D-Link devices (e.g., DAP-1360, DIR-300, DIR-615, DIR-620, DVG-series, Good Line Router v2, and others) with the vulnerability residing in the HTTP GET Request Handler for /devinfo. The underlying issue is improper handling of the area parameter, where input such as notice...
CVE-2019-17525
CVE-2019-17525 concerns the login page of the D-Link DIR-615 T1 with firmware 20.10, where an issue allows remote attackers to bypass CAPTCHA protection and perform brute-force login attempts. The connected sources confirm a CAPTCHA bypass vulnerability on DIR-615 T1 20.10, enabling credential br...
CVE-2021-42627
D-Link DIR-615 devices running firmware 20.06 are affected by CVE-2021-42627. The WAN configuration page wan.htm can be accessed without authentication, enabling disclosure of WAN settings and potential modification of page data. The Nuclei template confirms unauthorized access and describes impa...
CVE-2019-19742
CVE-2019-19742 affects D-Link DIR-615 routers, where the User Account Configuration page is vulnerable to blind XSS via the name field. Connected sources substantiate a lack of proper input validation on the web UI leading to client-side script execution; exploitation steps reported include inser...
CVE-2021-37388
CVE-2021-37388 affects the D-Link DIR-615 C2 router (firmware 3.03WW). A buffer overflow in the ping_ipaddr parameter of the ping_response.cgi POST request allows an attacker to crash the webserver and may enable remote code execution. The connected documents confirm the component and root cause ...
CVE-2018-15839
D-Link DIR-615 is affected by CVE-2018-15839: a buffer overflow can be triggered by a long Authorization HTTP header (or session cookie) in the device, enabling a denial of service effect that logs the router out and disrupts network connectivity. Exploit demonstrations describe injecting a long ...
CVE-2021-40654
The CVE-2021-40654 entry concerns D-Link DIR-615 B2 (firmware 2.01mt). A vulnerability allows information disclosure: an attacker can forge a POST request to /getcfg.php to obtain a user name and password. The issue is documented across multiple sources (NVD, CNVD/CNNVD) with the same flaw; no ex...
CVE-2019-17353
CVE-2019-17353 affects D-Link DIR-615 devices with firmware version 20.05 and 20.07. The issue: the WAN management page (wan.htm) is accessible directly without authentication, leading to potential disclosure of WAN information and the ability for an attacker to modify data fields on that page. T...
CVE-2018-15874
The connected CNVD entry describes a Cross-Site Scripting (XSS) vulnerability in D-Link DIR-615 routers using version 20.07, exploitable by injecting JavaScript into the Status → Active Client Table via the hostname field in DHCP requests. Affected component: the DHCP hostname handling on DIR-615...
CVE-2018-15875
The CVE concerns D-Link DIR-615 routers (version 20.07) with an XSS in the UPnP AddPortMapping SOAP request. The root cause is that the description field can be manipulated to inject JavaScript into the router’s admin UPnP page (Advanced→UPnP). Connected sources (CNVD-2018-16522, NVD entry) confi...
CVE-2018-25115
Multiple D-Link DIR-series routers (DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, DIR-815) are affected by a remote code execution vulnerability in the /service.cgi endpoint. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system...
CVE-2026-1448
The CVE-2026-1448 entry concerns D-Link DIR-615 Web Management Interface up to version 4.10. The vulnerability lies in the /wiz_policy_3_machine.php file where manipulating the ipaddr argument enables operating system command injection. This allows remote initiation of an exploit, and multiple so...
CVE-2026-1506
The CVE-2026-1506 entry affects D-Link DIR-615, specifically the MAC Filter Configuration component’s file /adv_mac_filter.php. The vulnerability is an OS command injection triggered by manipulating the mac argument, enabling remote execution. The issue is documented across multiple sources (NVD,...
CVE-2013-10050
CVE-2013-10050 affects D-Link DIR-300 (rev A, v1.05) and DIR-615 (rev D, v4.13). An authenticated user can exploit the tools_vct.xgi CGI endpoint to inject commands via pingIp, leading to full device compromise (telnet daemon and root shell). The flaw is tied to firmware exposing tools_vct.xgi on...
CVE-2026-1505
CVE-2026-1505 affects D-Link DIR-615 v4.10 in the URL Filter component, due to improper processing of the file “/set_temp_nodes.php” that enables OS command injection. It can be triggered remotely and the exploit has been publicly released; affected devices are those no longer maintained. Multipl...
CVE-2026-2151
The CVE-2026-2151 vulnerability affects D-Link DIR-615 (firmware 4.10) in the DMZ Host Feature, specifically the adv_firewall.php component. The root cause is manipulation of the dmz_ipaddr argument, enabling OS command injection. Impact is remote code execution with high risk to confidentiality,...
CVE-2026-2152
Summary: CVE-2026-2152 affects D-Link DIR-615 v4.10 (Web Configuration Interface). The vulnerability is in adv_routing.php; manipulating dest_ip, submask, or gw leads to OS command injection. It is remotely exploitable and the exploit has been publicized. Affected products are no longer maintaine...