Filtered by vendor Dlink
Subscriptions
Total
1662 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1744 | 2 D-link, Dlink | 3 Dsl-6641k, Dsl-6641k, Dsl-6641k Firmware | 2026-02-23 | 2.4 Low |
| A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sp_pppoe_user.js. The manipulation of the argument Username results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-1685 | 2 D-link, Dlink | 3 Dir-823x, Dir-823x, Dir-823x Firmware | 2026-02-23 | 3.7 Low |
| A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is characterized by high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used. | ||||
| CVE-2026-1625 | 2 D-link, Dlink | 3 Dwr-961, Dwr-m961, Dwr-m961 Firmware | 2026-02-23 | 6.3 Medium |
| A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub_4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument action_value results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2026-1624 | 2 D-link, Dlink | 3 Dwr-961, Dwr-m961, Dwr-m961 Firmware | 2026-02-23 | 6.3 Medium |
| A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-1596 | 2 D-link, Dlink | 3 Dwr-m961, Dwr-m961, Dwr-m961 Firmware | 2026-02-23 | 6.3 Medium |
| A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||||
| CVE-2026-1544 | 2 D-link, Dlink | 3 Dir-823x, Dir-823x, Dir-823x Firmware | 2026-02-23 | 6.3 Medium |
| A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-1532 | 2 D-link, Dlink | 3 Dcs-700l, Dcs-700l, Dcs-700l Firmware | 2026-02-23 | 2.4 Low |
| A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The attack can only be initiated within the local network. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-1506 | 2 D-link, Dlink | 3 Dir-615, Dir-615, Dir-615 Firmware | 2026-02-23 | 7.2 High |
| A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /adv_mac_filter.php of the component MAC Filter Configuration. This manipulation of the argument mac causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-1505 | 2 D-link, Dlink | 3 Dir-615, Dir-615, Dir-615 Firmware | 2026-02-23 | 7.2 High |
| A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /set_temp_nodes.php of the component URL Filter. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-1448 | 2 D-link, Dlink | 3 Dir-615, Dir-615, Dir-615 Firmware | 2026-02-23 | 7.2 High |
| A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-1419 | 2 D-link, Dlink | 3 Dcs700l, Dcs-700l, Dcs-700l Firmware | 2026-02-23 | 4.7 Medium |
| A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-0732 | 2 D-link, Dlink | 3 Di-8200g, Di-8200g, Di-8200g Firmware | 2026-02-23 | 6.3 Medium |
| A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. | ||||
| CVE-2025-69542 | 1 Dlink | 2 Dir-895la1, Dir-895la1 Firmware | 2026-02-10 | 9.8 Critical |
| A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP client renews an existing lease with a malicious hostname, arbitrary commands can be executed with root privileges. | ||||
| CVE-2025-10666 | 2 D-link, Dlink | 3 Dir-825, Dir-825, Dir-825 Firmware | 2026-02-03 | 8.8 High |
| A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdown_time results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-65731 | 2 D-link, Dlink | 3 Dir-605l, Dir-605l, Dir-605l Firmware | 2026-01-30 | 6.8 Medium |
| An issue was discovered in D-Link Router DIR-605L (Hardware version F1; Firmware version: V6.02CN02) allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control. | ||||
| CVE-2024-57440 | 1 Dlink | 2 Dsl-3788, Dsl-3788 Firmware | 2026-01-20 | 7.5 High |
| D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflow via the COMM_MAKECustomMsg function of the webproc cgi | ||||
| CVE-2025-15391 | 1 Dlink | 2 Dir-806a, Dir-806a Firmware | 2026-01-14 | 6.3 Medium |
| A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgi_main of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-15194 | 2 D-link, Dlink | 3 Dir-600, Dir-600, Dir-600 Firmware | 2026-01-13 | 9.8 Critical |
| A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-15357 | 2 D-link, Dlink | 3 Di-7400g+, Di-7400g\+, Di-7400g\+ Firmware | 2026-01-09 | 6.3 Medium |
| A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-13306 | 2 D-link, Dlink | 12 Dir-822, Dir-825, Dwr-920 and 9 more | 2026-01-08 | 6.3 Medium |
| A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | ||||