Lucene search

DlinkDir-860l Firmware

9 matches found

CVE
added 2018/03/06 8:29 p.m. | 736 views

CVE-2018-6530

OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110...

CVSS: 10 | AI score: 9.8 | EPSS: 0.9376

CVE
added 2019/01/02 6:29 p.m. | 146 views

CVE-2018-20114

On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530.

CVSS: 10 | AI score: 9.7 | EPSS: 0.9376

CVE
added 2024/08/19 8:15 p.m. | 47 views

CVE-2024-42812

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.02359

CVE
added 2018/03/06 8:29 p.m. | 45 views

CVE-2018-6528

XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted re...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00632

CVE
added 2018/03/06 8:29 p.m. | 43 views

CVE-2018-6529

XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Tre...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00632

CVE
added 2024/07/30 8:15 p.m. | 42 views

CVE-2024-41611

In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded credentials, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands.

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.00072

CVE
added 2020/09/19 8:15 p.m. | 38 views

CVE-2020-25786

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00458

CVE
added 2018/03/06 8:29 p.m. | 37 views

CVE-2018-6527

XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a craft...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00632

CVE
added 2024/12/17 3:15 p.m. | 37 views

CVE-2024-37605

A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00063