Shodan
Vulnerabilities
Vulnerable Software
Dlink:  >> Dir-865l Firmware  >> 1.20b01  Security Vulnerabilities
CVE-2020-13783
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-06-03
CVE-2020-13784
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
CVSS Score
7.5
EPSS Score
0.011
Published
2020-06-03
CVE-2020-13785
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-03
CVE-2020-13786
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.
CVSS Score
8.8
EPSS Score
0.007
Published
2020-06-03
CVE-2020-13787
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-06-03
CVE-2020-13782
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.
CVSS Score
8.8
EPSS Score
0.171
Published
2020-06-03
CVE-2018-6527
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
CVSS Score
6.1
EPSS Score
0.006
Published
2018-03-06
CVE-2018-6528
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
CVSS Score
6.1
EPSS Score
0.006
Published
2018-03-06
CVE-2018-6529
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
CVSS Score
6.1
EPSS Score
0.006
Published
2018-03-06
CVE-2018-6530
Known exploited
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
CVSS Score
9.8
EPSS Score
0.943
Published
2018-03-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved