D Link
Products by D Link Sorted by Most Security Vulnerabilities since 2018
Known Exploited D Link Vulnerabilities
The following D Link vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| D-Link Routers Buffer Overflow Vulnerability | D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. CVE-2022-37055 Exploit Probability: 69.8% | December 8, 2025 |
| D-Link DNR-322L Download of Code Without Integrity Check Vulnerability | D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands on the device. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. CVE-2022-40799 Exploit Probability: 37.1% | August 5, 2025 |
| D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability | D-Link DCS-2530L and DCS-2670L devices contains a command injection vulnerability in the cgi-bin/ddns_enc.cgi. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. CVE-2020-25079 Exploit Probability: 48.3% | August 5, 2025 |
| D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability | D-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. CVE-2020-25078 Exploit Probability: 94.1% | August 5, 2025 |
| D-Link DIR-859 Router Path Traversal Vulnerability | D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling privilege escalation and unauthorized control of the device. This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS CVE-2024-0769 Exploit Probability: 75.2% | June 25, 2025 |
| D-Link DIR-820 Router OS Command Injection Vulnerability | D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. CVE-2023-25280 Exploit Probability: 92.8% | September 30, 2024 |
| D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability | D-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session. CVE-2014-100005 Exploit Probability: 40.8% | May 16, 2024 |
| D-Link DIR-605 Router Information Disclosure Vulnerability | D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page. CVE-2021-40655 Exploit Probability: 92.6% | May 16, 2024 |
| D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability | D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contains a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution. CVE-2024-3272 Exploit Probability: 94.2% | April 11, 2024 |
| D-Link Multiple NAS Devices Command Injection Vulnerability | D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution. CVE-2024-3273 Exploit Probability: 94.4% | April 11, 2024 |
| D-Link DSL-2750B Devices Command Injection Vulnerability | D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter. CVE-2016-20017 Exploit Probability: 93.4% | January 8, 2024 |
| D-Link DIR-859 Router Command Execution Vulnerability | D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. CVE-2019-17621 Exploit Probability: 93.0% | June 29, 2023 |
| D-Link DWL-2600AP Access Point Command Injection Vulnerability | D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. CVE-2019-20500 Exploit Probability: 92.2% | June 29, 2023 |
| D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability | The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information. CVE-2011-4723 Exploit Probability: 12.7% | September 8, 2022 |
| D-Link Multiple Routers OS Command Injection Vulnerability | Multiple D-Link routers contain an unspecified vulnerability which allows for execution of OS commands. CVE-2018-6530 Exploit Probability: 94.3% | September 8, 2022 |
| D-Link DIR-820L Remote Code Execution Vulnerability | D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution. CVE-2022-26258 Exploit Probability: 88.3% | September 8, 2022 |
| D-Link DIR-816L Remote Code Execution Vulnerability | D-Link DIR-816L contains an unspecified vulnerability in the shareport.php value parameter which allows for remote code execution. CVE-2022-28958 | September 8, 2022 |
| D-Link DNS-320 Remote Code Execution Vulnerability | The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution. CVE-2019-16057 Exploit Probability: 93.7% | April 15, 2022 |
| D-Link Multiple Routers Remote Code Execution Vulnerability | A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file. CVE-2021-45382 Exploit Probability: 94.2% | April 4, 2022 |
| D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability | A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML. CVE-2013-5223 Exploit Probability: 35.5% | March 25, 2022 |
Of the known exploited vulnerabilities above, 12 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 6 known exploited D Link vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest D Link Vulnerabilities
Based on the current exploit probability, these D Link vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2024-3273 | 94.4% | D-Link Multiple NAS Devices Command Injection Vulnerability |
| 2 | CVE-2019-16920 | 94.4% | D-Link Multiple Routers Command Injection Vulnerability |
| 3 | CVE-2018-6530 | 94.3% | D-Link Multiple Routers OS Command Injection Vulnerability |
| 4 | CVE-2021-45382 | 94.2% | D-Link Multiple Routers Remote Code Execution Vulnerability |
| 5 | CVE-2024-3272 | 94.2% | D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability |
| 6 | CVE-2020-25078 | 94.1% | D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability |
| 7 | CVE-2020-25506 | 93.9% | D-Link DNS-320 Command Injection Remote Code Execution Vulnerability |
| 8 | CVE-2019-16057 | 93.7% | D-Link DNS-320 Remote Code Execution Vulnerability |
| 9 | CVE-2016-20017 | 93.4% | D-Link DSL-2750B Devices Command Injection Vulnerability |
| 10 | CVE-2015-2051 | 93.2% | D-Link DIR-645 Router Remote Code Execution Vulnerability |
By the Year
In 2026 there have been 3 vulnerabilities in D Link with an average score of 5.5 out of ten. Last year, in 2025, D Link had 8 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in D Link in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.77.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 5.53 |
| 2025 | 8 | 6.30 |
| 2024 | 1 | 0.00 |
| 2023 | 4 | 0.00 |
| 2022 | 2 | 9.80 |
| 2021 | 1 | 9.80 |
| 2020 | 1 | 0.00 |
| 2019 | 2 | 0.00 |
| 2018 | 6 | 7.70 |
It may take a day or so for new D Link vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent D Link Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-2210 | Feb 09, 2026 | Remote OS Command Injection via /goform/set_filtering on D-Link DIR-823X. A vulnerability has been found in D-Link DIR-823X 250416. This affects the function sub_4211C8 of the file /goform/set_filtering. Such manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2026-2082 | Feb 07, 2026 | OS Command Injection via /goform/set_mac_clone on D-Link DIR-823X. A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used. | |
| CVE-2026-2081 | Feb 07, 2026 | D-Link DIR-823X OS Command Injection via /goform/set_password. A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_password. This manipulation of the argument http_passwd causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | |
| CVE-2018-25120 | Oct 29, 2025 | D-Link DNS-343 1.05 cmd injection via Mail_Test. D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call to a system email utility without proper input validation. An unauthenticated remote attacker can supply crafted form data that injects shell commands, resulting in execution as root on the device. NOTE: The DNS-343 product line has been declared end-of-life. | |
| CVE-2025-10441 | Sep 15, 2025 | D-Link DI-8100G/8200G/8003G 17.12/19.12 OS Cmd Injection via jhttpd. A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used. | |
| CVE-2025-10440 | Sep 15, 2025 | D-Link DI-8100 JHTTPD CLI Injection via usb_paswd.asp hname (v16/17/19). A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | And others... |
| CVE-2025-10401 | Sep 14, 2025 | D-Link DIR-823x: CMD Injection via /goform/diag_ping target_addr. A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument target_addr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. | |
| CVE-2018-25115 | Aug 27, 2025 | D-Link DIR routers v1.03 arbitrary cmd exec via service.cgi CVE-2018-25115. Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC. | |
| CVE-2013-10048 | Aug 01, 2025 | OS Command Injection in D-Link DIR-300 rev B/600 command.php (before 2.14b01). An OS command injection vulnerability exists in various legacy D-Link routers, including DIR-300 rev B and DIR-600 (firmware 2.13 and 2.14b01, respectively), due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter. | |
| CVE-2013-10050 | Aug 01, 2025 | D-Link DIR-300/615 OS Command Injection via tools_vct.xgi. An OS command injection vulnerability exists in multiple D-Link routers, confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13), via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life. | |
| CVE-2025-34048 | Jun 26, 2025 | Pre-1.04 Path-Traversal in D-Link DSL-2730U/2750U/2750E with webproc. A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC. | |
| CVE-2024-45623 | Sep 02, 2024 | D-Link DAP-2310 ATP Binary Buffer Overflow 1.16RC028. D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |
| CVE-2020-19319 | Sep 11, 2023 | Buffer Overflow in D-Link 619L B 2.06beta via FILECODE. Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login. | |
| CVE-2020-19320 | Sep 11, 2023 | Buffer Overflow in DLINK 619L 2.06beta curTime on Login. Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login. | |
| CVE-2020-19323 | Sep 11, 2023 | DIR-619L 2.06beta mini_upnpd Heap Buffer Overflow via M-search ST. An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart router via the M-search request ST parameter. No authentication required | |
| CVE-2020-19318 | Sep 11, 2023 | D-Link DIR-605L Buffer Overflow in webserver (1.17beta and below). Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized attackers to execute arbitrary code via sending crafted data to the webserver service program. | |
| CVE-2022-44929 | Dec 02, 2022 | D-Link DVG-G5402SP GE_1.03 PrivEsc via VoIP SIB Profile Edit. An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. | |
| CVE-2022-44928 | Dec 02, 2022 | Command Injection in D-Link DVG-G5402SP GE_1.03 Maintenance Function. D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. | |
| CVE-2021-26709 | Apr 07, 2021 | D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |
| CVE-2020-12695 | Jun 08, 2020 | The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | |
| CVE-2018-15517 | Jan 31, 2019 | The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. | |
| CVE-2018-15516 | Jan 31, 2019 | The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF. | |
| CVE-2018-18767 | Dec 20, 2018 | An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials. | |
| CVE-2018-17443 | Oct 08, 2018 | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS. | |
| CVE-2018-17442 | Oct 08, 2018 | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code. | |
| CVE-2018-17441 | Oct 08, 2018 | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS. | |
| CVE-2018-17440 | Oct 08, 2018 | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request. | |
| CVE-2018-7698 | Mar 05, 2018 | An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the username and password for connected D-Link cameras (such as DCS-933L and DCS-934L) unencrypted from the app to the camera, allowing attackers to obtain these credentials and gain control of the camera including the ability to view the camera's stream and make changes without the user's knowledge. | |
| CVE-2006-3687 | Jul 21, 2006 | Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. | And others... |
| CVE-2005-4723 | Dec 31, 2005 | D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. | |
| CVE-2004-0615 | Dec 06, 2004 | Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request. | |