D Link
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any D Link product.
RSS Feeds for D Link security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in D Link products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by D Link Sorted by Most Security Vulnerabilities since 2018
Known Exploited D Link Vulnerabilities
The following D Link vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| D-Link DIR-859 Router Path Traversal Vulnerability |
D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling privilege escalation and unauthorized control of the device. This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS CVE-2024-0769 Exploit Probability: 70.6% |
June 25, 2025 |
| D-Link DIR-820 Router OS Command Injection Vulnerability |
D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. CVE-2023-25280 Exploit Probability: 92.9% |
September 30, 2024 |
| D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability |
D-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session. CVE-2014-100005 Exploit Probability: 35.4% |
May 16, 2024 |
| D-Link DIR-605 Router Information Disclosure Vulnerability |
D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page. CVE-2021-40655 Exploit Probability: 93.3% |
May 16, 2024 |
| D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability |
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contains a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution. CVE-2024-3272 Exploit Probability: 94.2% |
April 11, 2024 |
| D-Link Multiple NAS Devices Command Injection Vulnerability |
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution. CVE-2024-3273 Exploit Probability: 94.4% |
April 11, 2024 |
| D-Link DSL-2750B Devices Command Injection Vulnerability |
D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter. CVE-2016-20017 Exploit Probability: 88.2% |
January 8, 2024 |
| D-Link DWL-2600AP Access Point Command Injection Vulnerability |
D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. CVE-2019-20500 Exploit Probability: 93.7% |
June 29, 2023 |
| D-Link DIR-859 Router Command Execution Vulnerability |
D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. CVE-2019-17621 Exploit Probability: 93.2% |
June 29, 2023 |
| D-Link Multiple Routers OS Command Injection Vulnerability |
Multiple D-Link routers contain an unspecified vulnerability which allows for execution of OS commands. CVE-2018-6530 Exploit Probability: 93.8% |
September 8, 2022 |
| D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability |
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information. CVE-2011-4723 Exploit Probability: 8.7% |
September 8, 2022 |
| D-Link DIR-820L Remote Code Execution Vulnerability |
D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution. CVE-2022-26258 Exploit Probability: 89.4% |
September 8, 2022 |
| D-Link DIR-816L Remote Code Execution Vulnerability |
D-Link DIR-816L contains an unspecified vulnerability in the shareport.php value parameter which allows for remote code execution. CVE-2022-28958 |
September 8, 2022 |
| D-Link DNS-320 Remote Code Execution Vulnerability |
The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution. CVE-2019-16057 Exploit Probability: 94.0% |
April 15, 2022 |
| D-Link Multiple Routers Remote Code Execution Vulnerability |
A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file. CVE-2021-45382 Exploit Probability: 94.2% |
April 4, 2022 |
| D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability |
A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML. CVE-2013-5223 Exploit Probability: 35.5% |
March 25, 2022 |
| D-Link DCS-930L Devices OS Command Injection Vulnerability |
setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command. CVE-2016-11021 Exploit Probability: 90.4% |
March 25, 2022 |
| D-Link Multiple Routers Command Injection Vulnerability |
Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise. CVE-2019-16920 Exploit Probability: 94.3% |
March 25, 2022 |
| D-Link DIR-610 Devices Remote Command Execution |
D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php. CVE-2020-9377 Exploit Probability: 78.5% |
March 25, 2022 |
| D-Link DIR-645 Router Remote Code Execution Vulnerability |
D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. CVE-2015-2051 Exploit Probability: 90.9% |
February 10, 2022 |
Of the known exploited vulnerabilities above, 14 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 4 known exploited D Link vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest D Link Vulnerabilities
Based on the current exploit probability, these D Link vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2024-3273 | 94.4% | D-Link Multiple NAS Devices Command Injection Vulnerability |
| 2 | CVE-2019-16920 | 94.3% | D-Link Multiple Routers Command Injection Vulnerability |
| 3 | CVE-2021-45382 | 94.2% | D-Link Multiple Routers Remote Code Execution Vulnerability |
| 4 | CVE-2024-3272 | 94.2% | D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability |
| 5 | CVE-2019-16057 | 94.0% | D-Link DNS-320 Remote Code Execution Vulnerability |
| 6 | CVE-2020-25506 | 93.9% | D-Link DNS-320 Command Injection Remote Code Execution Vulnerability |
| 7 | CVE-2018-6530 | 93.8% | D-Link Multiple Routers OS Command Injection Vulnerability |
| 8 | CVE-2019-20500 | 93.7% | D-Link DWL-2600AP Access Point Command Injection Vulnerability |
| 9 | CVE-2021-40655 | 93.3% | D-Link DIR-605 Router Information Disclosure Vulnerability |
| 10 | CVE-2019-17621 | 93.2% | D-Link DIR-859 Router Command Execution Vulnerability |
By the Year
In 2025 there have been 0 vulnerabilities in D Link. Last year, in 2024 D Link had 1 security vulnerability published. Right now, D Link is on track to have less security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 1 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 9.80 |
| 2021 | 1 | 9.80 |
| 2020 | 1 | 7.50 |
| 2019 | 2 | 7.20 |
| 2018 | 6 | 7.65 |
It may take a day or so for new D Link vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent D Link Security Vulnerabilities
D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary
CVE-2024-45623
- September 02, 2024
D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
An access control issue in D-Link DVG-G5402SP GE_1.03
CVE-2022-44929
9.8 - Critical
- December 02, 2022
An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles.
D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability
CVE-2022-44928
9.8 - Critical
- December 02, 2022
D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function.
Shell injection
D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows
CVE-2021-26709
9.8 - Critical
- April 07, 2021
D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Memory Corruption
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL
CVE-2020-12695
7.5 - High
- June 08, 2020
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Incorrect Default Permissions
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices
CVE-2018-15516
5.8 - Medium
- January 31, 2019
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.
SSRF
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually
CVE-2018-15517
8.6 - High
- January 31, 2019
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI.
SSRF
An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06
CVE-2018-18767
7 - High
- December 20, 2018
An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials.
Inadequate Encryption Strength
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1
CVE-2018-17440
9.8 - Critical
- October 08, 2018
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.
Unrestricted File Upload
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1
CVE-2018-17441
6.1 - Medium
- October 08, 2018
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.
XSS
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1
CVE-2018-17442
8.8 - High
- October 08, 2018
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.
Unrestricted File Upload
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1
CVE-2018-17443
6.1 - Medium
- October 08, 2018
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.
XSS
An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices
CVE-2018-7698
8.1 - High
- March 05, 2018
An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the username and password for connected D-Link cameras (such as DCS-933L and DCS-934L) unencrypted from the app to the camera, allowing attackers to obtain these credentials and gain control of the camera including the ability to view the camera's stream and make changes without the user's knowledge.
Insufficiently Protected Credentials
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router
CVE-2006-3687
- July 21, 2006
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900.
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784
CVE-2005-4723
- December 31, 2005
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.
Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624
CVE-2004-0615
- December 06, 2004
Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request.