Dlink: Security Vulnerabilities
D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-08-06
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273521 was assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.024
Published
2024-08-03
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
CVSS Score
6.3
EPSS Score
0.011
Published
2024-08-01
D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded credentials in the Telnet service, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-07-30
In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded credentials, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-07-30
D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel
CVSS Score
9.8
EPSS Score
0.003
Published
2024-07-21
D-Link -
CWE-294: Authentication Bypass by Capture-replay
CVSS Score
9.8
EPSS Score
0.003
Published
2024-07-21
D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request.
CVSS Score
9.8
EPSS Score
0.079
Published
2024-07-19
Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component.
CVSS Score
9.3
EPSS Score
0.006
Published
2024-07-16
D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings.
CVSS Score
8.8
EPSS Score
0.026
Published
2024-07-08