Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dir\-822_firmware
(Dlink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 12 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-19 | CVE-2024-0717 | A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W,... | Dap\-1360_firmware, Dir\-1210_firmware, Dir\-1260_firmware, Dir\-2150_firmware, Dir\-300_firmware, Dir\-615_firmware, Dir\-615gf_firmware, Dir\-615s_firmware, Dir\-615t_firmware, Dir\-620_firmware, Dir\-620s_firmware, Dir\-806a_firmware, Dir\-815\/ac_firmware, Dir\-815_firmware, Dir\-815s_firmware, Dir\-816_firmware, Dir\-820_firmware, Dir\-822_firmware, Dir\-825_firmware, Dir\-825ac_firmware, Dir\-825acf_firmware, Dir\-825acg1_firmware, Dir\-841_firmware, Dir\-842_firmware, Dir\-842s_firmware, Dir\-843_firmware, Dir\-853_firmware, Dir\-878_firmware, Dir\-882_firmware, Dir\-X1530_firmware, Dir\-X1860_firmware, Dsl\-224_firmware, Dsl\-245gr_firmware, Dsl\-2640u_firmware, Dsl\-2750u_firmware, Dsl\-G2452gr_firmware, Dvg\-5402g\/gfru_firmware, Dvg\-5402g_firmware, Dvg\-N5402g\/il_firmware, Dvg\-N5402g_firmware, Dwm\-312w_firmware, Dwm\-321_firmware, Dwr\-921_firmware, Dwr\-953_firmware | 5.3 | ||
| 2024-01-11 | CVE-2023-51984 | D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. allows remote attackers to execute arbitrary commands via shell. | Dir\-822_firmware | 9.8 | ||
| 2024-01-11 | CVE-2023-51987 | D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. | Dir\-822_firmware | 9.8 | ||
| 2024-01-11 | CVE-2023-51989 | D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. | Dir\-822_firmware | 9.8 | ||
| 2019-12-30 | CVE-2019-17621 | The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. | Dir\-818lx_firmware, Dir\-822_firmware, Dir\-823_firmware, Dir\-859_firmware, Dir\-865l_firmware, Dir\-868l_firmware, Dir\-869_firmware, Dir\-880l_firmware, Dir\-885l_firmware, Dir\-885r_firmware, Dir\-890l_firmware, Dir\-890r_firmware, Dir\-895l_firmware, Dir\-895r_firmware | 9.8 | ||
| 2020-01-02 | CVE-2019-20213 | D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. | Dir\-818lx_firmware, Dir\-822_firmware, Dir\-823_firmware, Dir\-859_firmware, Dir\-865l_firmware, Dir\-868l_firmware, Dir\-869_firmware, Dir\-880l_firmware, Dir\-885l_firmware, Dir\-885r_firmware, Dir\-890l_firmware, Dir\-890r_firmware, Dir\-895l_firmware, Dir\-895r_firmware | 7.5 | ||
| 2016-08-25 | CVE-2016-5681 | Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie. | Dir\-817l\(W\)_firmware, Dir\-818l\(W\)_firmware, Dir\-823_firmware, Dir\-850l_firmare, Dir\-880l_firmware, Dir\-885l_firmware, Dir\-890l_firmware, Dir\-895l_firmware, Dir\-822_firmware, Dir\-868l_firmware | 9.8 | ||
| 2019-05-13 | CVE-2018-19987 | D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could... | Dir\-818lw_firmware, Dir\-822_firmware, Dir\-860l_firmware, Dir\-868l_firmware, Dir\-880l_firmware, Dir\-890l\/r_firmware, Dir\-822_firmware | 9.8 | ||
| 2019-05-13 | CVE-2018-19989 | In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth internal configuration memory without any regex checking. And in the bwc_tc_spq_start, bwc_tc_wfq_start, and bwc_tc_adb_start functions of the bwcsvcs.php source code, the data in... | Dir\-822_firmware, Dir\-822_firmware | 9.8 | ||
| 2019-01-09 | CVE-2018-20675 | D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. | Dir\-822\-Us_firmware, Dir\-822_firmware, Dir\-850l_firmware, Dir\-880l_firmware | 9.8 |