Export limit exceeded: 43873 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 335152 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 335152 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 335152 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1636 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27655 | 1 Dlink | 3 Dir-823 Firmware, Dir-823g, Dir-823g Firmware | 2025-04-21 | 8.8 High |
| D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution. | ||||
| CVE-2024-27656 | 1 Dlink | 3 Dir-823 Firmware, Dir-823g, Dir-823g Firmware | 2025-04-21 | 8.8 High |
| D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution. | ||||
| CVE-2024-27657 | 1 Dlink | 3 Dir-823 Firmware, Dir-823g, Dir-823g Firmware | 2025-04-21 | 8.8 High |
| D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution. | ||||
| CVE-2024-27658 | 1 Dlink | 3 Dir-823 Firmware, Dir-823g, Dir-823g Firmware | 2025-04-21 | 6.5 Medium |
| D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2017-14425 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 7.8 High |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions. | ||||
| CVE-2017-14424 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 7.8 High |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions. | ||||
| CVE-2017-14423 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 7.5 High |
| htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests. | ||||
| CVE-2017-14422 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 7.5 High |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | ||||
| CVE-2017-14421 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 9.8 Critical |
| D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session. | ||||
| CVE-2017-14420 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 5.9 Medium |
| The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-14419 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 5.9 Medium |
| The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established. | ||||
| CVE-2017-14418 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 8.1 High |
| The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services. | ||||
| CVE-2017-14417 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 9.8 Critical |
| register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services. | ||||
| CVE-2017-14416 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 6.1 Medium |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php. | ||||
| CVE-2017-14415 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 6.1 Medium |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php. | ||||
| CVE-2017-14414 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 6.1 Medium |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. | ||||
| CVE-2017-14413 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 6.1 Medium |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php. | ||||
| CVE-2017-12943 | 1 Dlink | 2 Dir-600 B1, Dir-600 B1 Firmware | 2025-04-20 | 9.8 Critical |
| D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. | ||||
| CVE-2017-11436 | 1 Dlink | 1 Dir-615 | 2025-04-20 | 9.8 Critical |
| D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. | ||||
| CVE-2017-10676 | 2 D-link, Dlink | 2 Dir-600m Firmware, Dir-600m | 2025-04-20 | N/A |
| On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. | ||||