Filtered by vendor Dlink
Subscriptions
Total
1125 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-46353 | 1 Dlink | 2 Dir-x1860, Dir-x1860 Firmware | 2024-11-21 | 5.3 Medium |
| An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. | ||||
| CVE-2021-46319 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 9.8 Critical |
| Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid1 parameters to execute arbitrary commands.This vulnerability is due to the fact that CVE-2019-17509 is not fully patched and can be bypassed by using line breaks or backticks on its basis. | ||||
| CVE-2021-46315 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 9.8 Critical |
| Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the ssid0 or ssid1 parameters to cause arbitrary command execution. Since CVE-2019-17510 vulnerability has not been patched and improved www/hnap1/control/setwizardconfig.php, can also use line breaks and backquotes to bypass. | ||||
| CVE-2021-46314 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 9.8 Critical |
| A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name. | ||||
| CVE-2021-46233 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter. | ||||
| CVE-2021-46232 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter. | ||||
| CVE-2021-46231 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. This vulnerability allows attackers to execute arbitrary commands via the url_en parameter. | ||||
| CVE-2021-46230 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters. | ||||
| CVE-2021-46229 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter. | ||||
| CVE-2021-46228 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter. | ||||
| CVE-2021-46227 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters. | ||||
| CVE-2021-46226 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter. | ||||
| CVE-2021-46108 | 1 Dlink | 2 Dsl-2730e, Dsl-2730e Firmware | 2024-11-21 | 5.4 Medium |
| D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration. | ||||
| CVE-2021-45998 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | ||||
| CVE-2021-44882 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | ||||
| CVE-2021-44881 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | ||||
| CVE-2021-44880 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2024-11-21 | 9.8 Critical |
| D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | ||||
| CVE-2021-44127 | 1 Dlink | 2 Dap-1360, Dap-1360f1 Firmware | 2024-11-21 | 9.8 Critical |
| In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized. | ||||
| CVE-2021-43722 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size. | ||||
| CVE-2021-43474 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | 9.8 Critical |
| An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function | ||||