Dlink: Security Vulnerabilities
A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.003
Published
2024-12-30
A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in the /bin/webs binary of the firmware. When /bin/webs receives a carefully constructed HTTP request, it will crash and exit due to a null pointer reference, leading to a denial of service attack to the device.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-12-17
A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-12-17
A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Score
6.5
EPSS Score
0.0
Published
2024-12-17
A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-12-17
A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-12-17
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-11-28
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-11-28
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function.
CVSS Score
4.9
EPSS Score
0.004
Published
2024-11-21
D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter.
CVSS Score
9.8
EPSS Score
0.032
Published
2024-11-21