Dlink Dlink

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Dlink product.

Products by Dlink Sorted by Most Security Vulnerabilities since 2018

Dlink Dir 605l Firmware24 vulnerabilities

Dlink Dir 619l Firmware19 vulnerabilities

Dlink Dir X3260 Firmware11 vulnerabilities

Dlink Dir 823g Firmware11 vulnerabilities

Dlink Central Wifimanager8 vulnerabilities

Dlink Dar 7000 Firmware7 vulnerabilities

Dlink Dsl6740c Firmware7 vulnerabilities

Dlink Di 8003 Firmware7 vulnerabilities

Dlink Dcs 8300lhv2 Firmware6 vulnerabilities

Dlink Go Rt Ac750 Firmware5 vulnerabilities

Dlink Dwl 6610ap Firmware5 vulnerabilities

Dlink Dir 846w Firmware4 vulnerabilities

Dlink Dir 816 A2 Firmware4 vulnerabilities

Dlink Dir 868l Firmware4 vulnerabilities

Dlink Di 6243 vulnerabilities

Dlink Dwr 2000m Firmware3 vulnerabilities

Dlink Di 5243 vulnerabilities

Dlink Di 8100 Firmware3 vulnerabilities

Dlink Dar 8000 Firmware3 vulnerabilities

Dlink Dir X4860 Firmware3 vulnerabilities

Dlink Dir 645 Firmware2 vulnerabilities

Dlink Dir 610 Firmware2 vulnerabilities

Dlink Dsl 2750u Firmware2 vulnerabilities

Dlink D View 82 vulnerabilities

Dlink Dsl 225 Firmware2 vulnerabilities

Dlink Dns 320 Firmware2 vulnerabilities

Dlink Dir 842v2 Firmware2 vulnerabilities

Dlink Dir 846 Firmware2 vulnerabilities

Dlink Dir 1002 vulnerabilities

Dlink Dir 859 Firmware2 vulnerabilities

Dlink Di 8100g Firmware2 vulnerabilities

Dlink Di 8004w Firmware2 vulnerabilities

Dlink Dsl 2640r1 vulnerability

Dlink Tm G52401 vulnerability

Dlink Dsl 224 Firmware1 vulnerability

Dlink Dsl 2760u E11 vulnerability

Dlink Dir820la1 Firmware1 vulnerability

Dlink Dsl 2641r1 vulnerability

Dlink Dsl 2730u1 vulnerability

Dlink Dsl 2740r Firmware1 vulnerability

Dlink Dsl 2760u Firmware1 vulnerability

Dlink Dsl 3782 Firmware1 vulnerability

Dlink Dsl2740u1 vulnerability

Dlink Dsl2750u1 vulnerability

Dlink Dsp W215 Firmware1 vulnerability

Dlink Dsr 500n Firmware1 vulnerability

Dlink Dvg 3104ms Firmware1 vulnerability

Dlink Dvg N5412sp1 vulnerability

Dlink Dwr 932b Firmware1 vulnerability

Dlink Dir 300 Firmware1 vulnerability

Dlink Dcs 5220 Firmware1 vulnerability

Dlink Di 524up1 vulnerability

Dlink Di 6041 vulnerability

Dlink Di 604s1 vulnerability

Dlink Di 604up1 vulnerability

Dlink Di 624s1 vulnerability

Dlink Di 8200 Firmware1 vulnerability

Dlink Di 8300 Firmware1 vulnerability

Dlink Di 8400 Firmware1 vulnerability

Dlink Dir 1201 vulnerability

Dlink Dir 3001 vulnerability

Dlink Dir 895l Firmware1 vulnerability

Dlink Dir 6001 vulnerability

Dlink Dir 600 Firmware1 vulnerability

Dlink Dir 600m Firmware1 vulnerability

Dlink Dir 802 Firmware1 vulnerability

Dlink Dir 806 Firmware1 vulnerability

Dlink Dir 815 Firmware1 vulnerability

Dlink Dir 816a2 Firmware1 vulnerability

Dlink Dir 820l Firmware1 vulnerability

Dlink Dir 825 Firmware1 vulnerability

Dlink Dir 860l Firmware1 vulnerability

Dlink Dir 885l Firmware1 vulnerability

Dlink Dir 890l Firmware1 vulnerability

By the Year

In 2025 there have been 0 vulnerabilities in Dlink. Last year, in 2024 Dlink had 107 security vulnerabilities published. Right now, Dlink is on track to have less security vulnerabilities in 2025 than it did last year.




Year Vulnerabilities Average Score
2025 0 0.00
2024 107 8.45
2023 49 8.86
2022 4 9.55
2021 8 8.30
2020 3 7.93
2019 6 8.48
2018 5 7.56

It may take a day or so for new Dlink vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Dlink Security Vulnerabilities

D-Link DIR-605L Buffer Overflow Vulnerability in formSetPortTr Function

CVE-2024-11960 8.8 - High - November 28, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DIR-605L Buffer Overflow Vulnerability in formResetStatistic Function

CVE-2024-11959 8.8 - High - November 28, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DI-8003 Buffer Overflow Vulnerability in ipsec_road_asp Function

CVE-2024-52755 4.9 - Medium - November 21, 2024

D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function.

Memory Corruption

D-Link DI-8200 Remote Command Execution Vulnerability in msp_info_htm Function

CVE-2024-51151 9.8 - Critical - November 21, 2024

D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter.

Command Injection

D-Link DI-8003 Buffer Overflow Vulnerability in ARP System ASP

CVE-2024-52757 4.9 - Medium - November 20, 2024

D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function.

Memory Corruption

D-Link DI-8003 Buffer Overflow Vulnerability in fn Parameter of tgfile_htm Function

CVE-2024-52754 4.9 - Medium - November 20, 2024

D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function.

Memory Corruption

D-Link DI-8003 Buffer Overflow Vulnerability in ip_position_asp Function

CVE-2024-52759 9.8 - Critical - November 19, 2024

D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function.

Classic Buffer Overflow

D-Link DWR-2000M 5G CPE CSRF Vulnerability in Port Forwarding

CVE-2024-28731 4.3 - Medium - November 12, 2024

Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option.

Session Riding

D-Link DWR-2000M VPN Configuration Module Cross-Site Scripting Vulnerability

CVE-2024-28730 5.4 - Medium - November 12, 2024

Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module.

XSS

D-Link DWR-2000M 5G CPE Arbitrary Code Execution Vulnerability

CVE-2024-28729 9.8 - Critical - November 12, 2024

An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request.

D-Link DSL6740C API Privilege Escalation

CVE-2024-11068 9.8 - Critical - November 11, 2024

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any users password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that users account.

Incorrect Use of Privileged APIs

D-Link DSL6740C Path Traversal File Disclosure

CVE-2024-11067 7.5 - High - November 11, 2024

The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through this vulnerability and attempt to log in to the device using the default password.

Relative Path Traversal

D-Link DSL6740C OS Command Injection

CVE-2024-11066 7.2 - High - November 11, 2024

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page.

Shell injection

D-Link DSL6740C OS Command Injection via SSH/Telnet

CVE-2024-11065 7.2 - High - November 11, 2024

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.

Shell injection

D-Link DSL6740C OS Command Injection via SSH/Telnet

CVE-2024-11064 7.2 - High - November 11, 2024

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.

Shell injection

D-Link DSL6740C SSH/Telnet Command Injection

CVE-2024-11063 7.2 - High - November 11, 2024

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.

Shell injection

D-Link DSL6740C OS Command Injection via SSH/Telnet

CVE-2024-11062 7.2 - High - November 11, 2024

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.

Shell injection

D-Link DI-8003 16.07 Stack Overflow via dbsrv.asp

CVE-2024-11048 9.8 - Critical - November 10, 2024

A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

D-Link DI-8003 Stack Overflow via Path

CVE-2024-11047 9.8 - Critical - November 10, 2024

A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been declared as critical. Affected by this vulnerability is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

D-Link DI-8003 OS Command Injection via Path

CVE-2024-11046 9.8 - Critical - November 10, 2024

A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Shell injection

A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06

CVE-2024-9915 8.8 - High - October 13, 2024

A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06

CVE-2024-9914 8.8 - High - October 13, 2024

A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formSetWizardSelectMode of the file /goform/formSetWizardSelectMode. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-619L B1 2.06

CVE-2024-9913 8.8 - High - October 13, 2024

A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-619L B1 2.06

CVE-2024-9912 8.8 - High - October 13, 2024

A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-619L B1 2.06

CVE-2024-9911 8.8 - High - October 13, 2024

A vulnerability was found in D-Link DIR-619L B1 2.06. It has been classified as critical. This affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical

CVE-2024-9910 8.8 - High - October 13, 2024

A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical

CVE-2024-9909 8.8 - High - October 13, 2024

A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formSetMuti of the file /goform/formSetMuti. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06

CVE-2024-9908 8.8 - High - October 13, 2024

A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument curTime leads to buffer overflow. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017

CVE-2024-9792 6.1 - Medium - October 10, 2024

A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible to initiate the attack remotely.

XSS

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06

CVE-2024-9786 8.8 - High - October 10, 2024

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06

CVE-2024-9785 8.8 - High - October 10, 2024

A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06

CVE-2024-9784 8.8 - High - October 10, 2024

A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-619L B1 2.06

CVE-2024-9783 8.8 - High - October 10, 2024

A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-619L B1 2.06

CVE-2024-9782 8.8 - High - October 10, 2024

A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical

CVE-2024-9570 8.8 - High - October 07, 2024

A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical

CVE-2024-9569 8.8 - High - October 07, 2024

A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06

CVE-2024-9568 8.8 - High - October 07, 2024

A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formAdvNetwork of the file /goform/formAdvNetwork. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06

CVE-2024-9567 8.8 - High - October 07, 2024

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. This issue affects the function formAdvFirewall of the file /goform/formAdvFirewall. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06

CVE-2024-9566 8.8 - High - October 07, 2024

A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. This vulnerability affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical

CVE-2024-9565 8.8 - High - October 07, 2024

A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Affected by this vulnerability is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA

CVE-2024-9564 8.8 - High - October 07, 2024

A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA

CVE-2024-9563 8.8 - High - October 07, 2024

A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA

CVE-2024-9562 8.8 - High - October 06, 2024

A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA

CVE-2024-9561 8.8 - High - October 06, 2024

A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetWAN_Wizard51/formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA

CVE-2024-9559 8.8 - High - October 06, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical

CVE-2024-9558 8.8 - High - October 06, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formSetWanPPTP of the file /goform/formSetWanPPTP. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical

CVE-2024-9557 8.8 - High - October 06, 2024

A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formSetWanPPPoE of the file /goform/formSetWanPPPoE. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA

CVE-2024-9556 8.8 - High - October 06, 2024

A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA

CVE-2024-9555 8.8 - High - October 06, 2024

A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Affected by this issue is the function formSetEasy_Wizard of the file /goform/formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA

CVE-2024-9553 8.8 - High - October 06, 2024

A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA

CVE-2024-9552 8.8 - High - October 06, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been rated as critical. Affected by this issue is the function formSetWanNonLogin of the file /goform/formSetWanNonLogin. The manipulation of the argument webpage leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA

CVE-2024-9551 8.8 - High - October 06, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formSetWanL2TP of the file /goform/formSetWanL2TP. The manipulation of the argument webpage leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA

CVE-2024-9550 8.8 - High - October 06, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical

CVE-2024-9549 8.8 - High - October 06, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA

CVE-2024-9535 8.8 - High - October 05, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA

CVE-2024-9534 8.8 - High - October 05, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical

CVE-2024-9533 8.8 - High - October 05, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical

CVE-2024-9532 8.8 - High - October 05, 2024

A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA

CVE-2024-9515 8.8 - High - October 04, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. This affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA

CVE-2024-9514 8.8 - High - October 04, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912

CVE-2024-9004 9.8 - Critical - September 19, 2024

A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Shell injection

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which

CVE-2024-45695 9.8 - Critical - September 16, 2024

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

Memory Corruption

Certain models of D-Link wireless routers do not properly validate user input in the telnet service

CVE-2024-45698 9.8 - Critical - September 16, 2024

Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device.

Use of Hard-coded Credentials

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in

CVE-2024-45697 9.8 - Critical - September 16, 2024

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.

Hidden Functionality

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection

CVE-2024-44410 9.8 - Critical - September 09, 2024

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.

Command Injection

D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability in the dbsrv_asp function.

CVE-2024-44375 7.5 - High - September 09, 2024

D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability in the dbsrv_asp function.

Memory Corruption

D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure

CVE-2024-44408 7.5 - High - September 06, 2024

D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords.

AuthZ

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection

CVE-2024-44402 9.8 - Critical - September 06, 2024

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.

Command Injection

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection

CVE-2024-44401 9.8 - Critical - September 06, 2024

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file

Command Injection

A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01

CVE-2024-8461 5.3 - Medium - September 05, 2024

A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

Information Disclosure

A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01

CVE-2024-8460 5.9 - Medium - September 05, 2024

A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01. Affected by this issue is some unknown functionality of the file /cgi-bin/widget_api.cgi of the component Web Management Interface. The manipulation of the argument getHD/getSer/getSys leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

Information Disclosure

A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical

CVE-2024-44400 9.8 - Critical - September 04, 2024

A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.

Command Injection

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0)

CVE-2024-44342 9.8 - Critical - August 27, 2024

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. This vulnerability is exploited via a crafted POST request.

Shell injection

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability

CVE-2024-44341 9.8 - Critical - August 27, 2024

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.

Shell injection

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability

CVE-2024-44340 8.8 - High - August 27, 2024

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via keys smartqos_express_devices and smartqos_normal_devices in SetSmartQoSSettings.

Shell injection

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability

CVE-2024-41622 9.8 - Critical - August 27, 2024

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface.

Shell injection

D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function.

CVE-2024-44382 9.8 - Critical - August 23, 2024

D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function.

D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function.

CVE-2024-44381 9.8 - Critical - August 23, 2024

D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function.

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi

CVE-2024-42812 9.8 - Critical - August 19, 2024

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

Classic Buffer Overflow

A vulnerability was found in D-Link DI-8100 16.07

CVE-2024-7833 9.8 - Critical - August 15, 2024

A vulnerability was found in D-Link DI-8100 16.07. It has been classified as critical. This affects the function upgrade_filter_asp of the file upgrade_filter.asp. The manipulation of the argument path leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Command Injection

D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.

CVE-2024-41616 9.8 - Critical - August 06, 2024

D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.

Use of Hard-coded Credentials

A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07

CVE-2024-7436 8.8 - High - August 03, 2024

A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273521 was assigned to this vulnerability.

Command Injection

D-Link - CWE-294: Authentication Bypass by Capture-replay

CVE-2024-38438 9.8 - Critical - July 21, 2024

D-Link - CWE-294: Authentication Bypass by Capture-replay

Authentication Bypass by Capture-replay

D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel

CVE-2024-38437 9.8 - Critical - July 21, 2024

D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel

Missing Authentication for Critical Function

D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability

CVE-2024-39202 8.8 - High - July 08, 2024

D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings.

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922

CVE-2024-6525 8.8 - High - July 05, 2024

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270368. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Marshaling, Unmarshaling

D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability

CVE-2023-51629 8.8 - High - May 03, 2024

D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the ONVIF API. The issue results from the use of a hardcoded PIN. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21492.

Use of Hard-coded Credentials

D-Link DCS-8300LHV2 ONVIF SetHostName Stack-Based Buffer Overflow Remote Code Execution Vulnerability

CVE-2023-51628 8 - High - May 03, 2024

D-Link DCS-8300LHV2 ONVIF SetHostName Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the SetHostName ONVIF call. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21322.

Memory Corruption

D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability

CVE-2023-51627 8 - High - May 03, 2024

D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the parsing of Duration XML elements. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21321.

Memory Corruption

D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Username Stack-Based Buffer Overflow Remote Code Execution Vulnerability

CVE-2023-51626 8.8 - High - May 03, 2024

D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Username Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Authorization header by the RTSP server, which listens on TCP port 554. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21320.

Memory Corruption

D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability

CVE-2023-51625 8 - High - May 03, 2024

D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the ONVIF API, which listens on TCP port 80. When parsing the sch:TZ XML element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21319.

Shell injection

D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Nonce Stack-Based Buffer Overflow Remote Code Execution Vulnerability

CVE-2023-51624 8.8 - High - May 03, 2024

D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Nonce Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Authorization header by the RTSP server, which listens on TCP port 554. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20072.

Memory Corruption

D-Link DIR-X3260 prog.cgi SetAPClientSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE-2023-51623 6.8 - Medium - May 03, 2024

D-Link DIR-X3260 prog.cgi SetAPClientSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21673.

Memory Corruption

D-Link DIR-X3260 prog.cgi SetTriggerPPPoEValidate Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE-2023-51622 6.8 - Medium - May 03, 2024

D-Link DIR-X3260 prog.cgi SetTriggerPPPoEValidate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21672.

Memory Corruption

D-Link DIR-X3260 prog.cgi SetDeviceSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE-2023-51621 6.8 - Medium - May 03, 2024

D-Link DIR-X3260 prog.cgi SetDeviceSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21670.

Memory Corruption

D-Link DIR-X3260 prog.cgi SetIPv6PppoeSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE-2023-51620 6.8 - Medium - May 03, 2024

D-Link DIR-X3260 prog.cgi SetIPv6PppoeSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21669.

Memory Corruption

D-Link DIR-X3260 prog.cgi SetMyDLinkRegistration Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE-2023-51619 6.8 - Medium - May 03, 2024

D-Link DIR-X3260 prog.cgi SetMyDLinkRegistration Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21667.

Memory Corruption

D-Link DIR-X3260 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overflow Remote Code Execution Vulnerability

CVE-2023-51618 6.8 - Medium - May 03, 2024

D-Link DIR-X3260 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21595.

Memory Corruption

D-Link DIR-X3260 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability

CVE-2023-51617 6.8 - Medium - May 03, 2024

D-Link DIR-X3260 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21594.

Memory Corruption

D-Link DIR-X3260 prog.cgi SetSysEmailSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability

CVE-2023-51616 6.8 - Medium - May 03, 2024

D-Link DIR-X3260 prog.cgi SetSysEmailSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21593.

Memory Corruption

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.