cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-57376,https://securityvulnerability.io/vulnerability/CVE-2024-57376,Buffer Overflow Vulnerability in D-Link DSR Series Routers,"The D-Link DSR series routers, specifically models DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N, contain a buffer overflow vulnerability. This flaw affects firmware versions 3.13 to 3.17B901C, enabling unauthenticated users to execute arbitrary code remotely. This vulnerability highlights the critical importance of maintaining up-to-date firmware to protect network devices from unauthorized access and potential exploitation.",D-Link,DSR Series Routers,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T00:00:00.000Z,74
CVE-2024-57684,https://securityvulnerability.io/vulnerability/CVE-2024-57684,Access Control Flaw in D-Link 816 Router Firmware,"An access control issue in the D-Link 816A2 router firmware allows unauthenticated attackers to manipulate the DMZ (Demilitarized Zone) service settings. By exploiting this vulnerability through a specially crafted POST request, an attacker can gain unauthorized access to the device's configuration, potentially compromising the security of connected networks. This flaw underscores the importance of maintaining updated firmware and robust access controls to safeguard IoT devices.",D-Link,D-Link 816A2 Firmware,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-16T00:00:00.000Z,0
CVE-2025-0492,https://securityvulnerability.io/vulnerability/CVE-2025-0492,Null Pointer Dereference in D-Link DIR-823X,"A vulnerability exists in the D-Link DIR-823X models 240126 and 240802 due to improper handling of a function resulting in a null pointer dereference. This flaw allows remote attackers to exploit the device, potentially leading to a denial of service. Awareness of this vulnerability is crucial as it has been publicly disclosed, increasing the risk of exploitation.",D-link,Dir-823x,8.7,HIGH,0.00044999999227002263,false,,false,false,true,2025-01-15T22:00:17.000Z,true,false,false,,2025-01-15T22:00:17.134Z,0
CVE-2025-22968,https://securityvulnerability.io/vulnerability/CVE-2025-22968,Remote Code Execution Vulnerability in D-Link DWR-M972V,"D-Link DWR-M972V 1.05SSG suffers from a vulnerability that allows remote attackers to execute arbitrary commands via SSH. This issue enables attackers to access and manipulate the device's operations using the root account without authentication or restrictions, posing a significant risk to device integrity and network security. It is crucial for users to promptly apply any available security updates to mitigate potential exploitation.",D-Link,DWR-M972V,9.8,CRITICAL,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-11960,https://securityvulnerability.io/vulnerability/CVE-2024-11960,Buffer Overflow Vulnerability in D-Link DIR-605L Router,"A critical buffer overflow vulnerability has been identified in the D-Link DIR-605L router firmware version 2.13B01. This security flaw resides in the formSetPortTr function, specifically within the /goform/formSetPortTr file. An attacker can exploit this vulnerability remotely by manipulating the curTime argument, which results in a buffer overflow. The exploit has been published publicly, increasing the risk of potential attacks. Users are strongly advised to apply security updates and monitor their devices to prevent unauthorized access.",D-link,Dir-605l,8.8,HIGH,0.001500000013038516,false,,false,false,true,2024-11-28T14:31:09.000Z,true,false,false,,2024-11-28T14:31:09.257Z,0
CVE-2024-11959,https://securityvulnerability.io/vulnerability/CVE-2024-11959,Buffer Overflow in D-Link DIR-605L Affects Device Security,"CVE-2024-11959 is a critical vulnerability located in the D-Link DIR-605L firmware version 2.13B01. This buffer overflow vulnerability arises from improper handling of the 'curTime' argument in the formResetStatistic function of the /goform/formResetStatistic file. An attacker can exploit this flaw remotely, potentially leading to unauthorized access and control over the affected device. The public disclosure of this exploit underlines the urgency in implementing mitigation strategies to safeguard network security. Users are advised to update their firmware or take necessary precautions to mitigate potential risks.",D-link,Dir-605l,8.8,HIGH,0.001500000013038516,false,,false,false,true,2024-11-28T14:31:05.000Z,true,false,false,,2024-11-28T14:31:05.705Z,0
CVE-2024-51151,https://securityvulnerability.io/vulnerability/CVE-2024-51151,D-Link DI-8200 Vulnerable to Remote Command Execution,"The D-Link DI-8200 networking device is susceptible to a remote command execution vulnerability due to inadequate input validation in the msp_info_htm function. Attackers can exploit this flaw by manipulating the flag and cmd parameters, allowing unauthorized execution of arbitrary commands on the device. Such a security lapse can lead to severe repercussions, including unauthorized access and control over the compromised device, posing significant risks to network integrity.",D-Link,Di-8200 Firmware,9.8,CRITICAL,0.0010400000028312206,false,,false,false,false,,,false,false,,2024-11-21T09:45:00.000Z,0
CVE-2024-52759,https://securityvulnerability.io/vulnerability/CVE-2024-52759,Buffer Overflow Vulnerability in D-LINK DI-8003 Router,"The D-LINK DI-8003 router is affected by a buffer overflow vulnerability originating from improper handling of the 'ip' parameter in the ip_position_asp function. This vulnerability allows attackers to potentially execute arbitrary code, leading to unauthorized access or manipulation of the device. Users are advised to evaluate their device firmware and apply the necessary security patches as recommended by the vendor to mitigate risks associated with this vulnerability.",D-Link,Di-8003 Firmware,9.8,CRITICAL,0.0010000000474974513,false,,false,false,false,,,false,false,,2024-11-19T19:15:00.000Z,0
CVE-2024-28729,https://securityvulnerability.io/vulnerability/CVE-2024-28729,Arbitrary Code Execution Vulnerability in DLink DWR 2000M and DWR CPE Products,"A notable security issue exists within DLink's DWR 2000M 5G CPE With Wifi 6 Ax1800 and the DWR CPE DWR-2000M_1.34ME firmware version. This vulnerability allows a local attacker to leverage this security flaw to execute arbitrary code. The exploitation occurs through specially crafted requests, which could potentially lead to unauthorized access and manipulation of device functionalities. Users of affected products are urged to evaluate their security posture and apply any available mitigations to safeguard against exploitation.",D-Link,Dwr-2000m Firmware,9.8,CRITICAL,0.0015699999639764428,false,,false,false,false,,,false,false,,2024-11-12T23:15:00.000Z,0
CVE-2024-11068,https://securityvulnerability.io/vulnerability/CVE-2024-11068,Unauthorized Access to User Passwords via Incorrect Use of Privileged APIs,"The D-Link DSL6740C modem is exposed to a serious security risk due to an incorrect use of privileged APIs. This vulnerability enables unauthenticated remote attackers to manipulate user passwords, thus gaining unauthorized access to services such as Web, SSH, and Telnet. Any malicious actor can exploit this flaw to compromise user accounts, highlighting the importance of prompt security measures.",D-link,Dsl6740c,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-11T08:05:18.980Z,0
CVE-2024-11067,https://securityvulnerability.io/vulnerability/CVE-2024-11067,Unauthenticated Remote Attackers Can Read Arbitrary System Files via Path Traversal Vulnerability in D-Link DSL6740C Modem,"A Path Traversal vulnerability exists in the D-Link DSL6740C modem, which enables unauthenticated remote attackers to access and read arbitrary system files. The flaw is further exacerbated by the device's default password, derived from its MAC address. Through exploitation of this vulnerability, attackers can discover the MAC address and subsequently attempt to gain unauthorized access to the device using the default credentials.",D-link,Dsl6740c,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-11T08:00:59.881Z,0
CVE-2024-11066,https://securityvulnerability.io/vulnerability/CVE-2024-11066,D-Link DSL6740C Modem Vulnerable to OS Command Injection,"The D-Link DSL6740C modem is susceptible to an OS Command Injection vulnerability, enabling remote attackers who possess administrator credentials to inject and execute arbitrary system commands through a designated web interface. This flaw might allow unauthorized manipulation of the modem's operating system, which could lead to further exploitation of the network security. It is critical for users and network administrators to evaluate their device settings and apply necessary security updates to mitigate potential risks associated with this vulnerability.",D-link,Dsl6740c,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-11T07:49:38.566Z,0
CVE-2024-11065,https://securityvulnerability.io/vulnerability/CVE-2024-11065,D-Link DSL6740C Modem Exposed to OS Command Injection Attacks,"The D-Link DSL6740C modem is susceptible to an OS Command Injection vulnerability, where remote attackers, having obtained administrator privileges, can exploit this flaw. This allows them to inject and run arbitrary system commands through specific features accessible via SSH and Telnet. This exploitation can lead to unauthorized access and manipulation of the modem's firmware and associated network infrastructure.",D-link,Dsl6740c,7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-11T07:45:48.179Z,0
CVE-2024-11064,https://securityvulnerability.io/vulnerability/CVE-2024-11064,D-Link DSL6740C Modem Vulnerable to OS Command Injection,"The D-Link DSL6740C modem is susceptible to an OS Command Injection vulnerability that enables remote attackers with administrator credentials to potentially inject and execute arbitrary system commands. This security flaw takes advantage of specific functionalities that are accessible through SSH and Telnet, underscoring the importance of stringent access controls and regular firmware updates to safeguard against unauthorized access and exploitation.",D-link,Dsl6740c,7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-11T07:35:00.344Z,0
CVE-2024-11063,https://securityvulnerability.io/vulnerability/CVE-2024-11063,D-Link DSL6740C Modem Vulnerable to OS Command Injection Attacks,"The D-Link DSL6740C modem is susceptible to an OS Command Injection vulnerability. This security flaw allows remote attackers who possess administrator privileges to inject and execute arbitrary system commands via specific functionalities provided by SSH and Telnet. Exploitation of this vulnerability could lead to unauthorized access and manipulation of the system, emphasizing the importance of securing network devices against potential threats.",D-link,Dsl6740c,7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-11T07:30:21.003Z,0
CVE-2024-11062,https://securityvulnerability.io/vulnerability/CVE-2024-11062,D-Link DSL6740C Modem Vulnerable to OS Command Injection,"The D-Link DSL6740C modem is vulnerable to an OS Command Injection flaw that permits remote attackers with administrative privileges to exploit specific functionalities associated with SSH and Telnet. This security issue allows for the injection and execution of arbitrary system commands, potentially compromising the modem's integrity and the security of the entire network. This vulnerability emphasizes the importance of securing devices against such remote exploits, reinforcing the need for timely updates and security measures.",D-link,Dsl6740c,7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-11T07:28:09.879Z,0
CVE-2024-11048,https://securityvulnerability.io/vulnerability/CVE-2024-11048,Buffer Overflow Vulnerability in D-Link DI-8003 Router,"A critical buffer overflow vulnerability has been identified in the D-Link DI-8003 router, specifically within the dbsrv_asp function of the /dbsrv.asp file. This security flaw allows attackers to manipulate the 'str' argument, potentially leading to a stack-based buffer overflow. This remote exploit can be initiated without authentication, thereby posing a significant risk to users. The vulnerability has been publicly disclosed, making both the product and its users vulnerable to active exploitation. Immediate action is advised to protect against this significant security threat.",D-link,Di-8003,9.8,CRITICAL,0.0008699999889358878,false,,false,false,true,2024-11-10T04:00:10.000Z,true,false,false,,2024-11-10T04:00:10.367Z,0
CVE-2024-11047,https://securityvulnerability.io/vulnerability/CVE-2024-11047,Stack Buffer Overflow Vulnerability in D-Link DI-8003 Router,"The D-Link DI-8003 router, specifically firmware version 16.07.16A1, contains a critical vulnerability involving a stack-based buffer overflow in the upgrade_filter_asp function located in the /upgrade_filter.asp file. This vulnerability is triggered through improper handling of the 'path' argument, which can be exploited by remote attackers to execute arbitrary code or cause denial-of-service conditions. The vulnerability is publicly disclosed and poses significant risks due to its remote exploitability, underscoring the need for immediate attention and remediation by affected users.",D-link,Di-8003,9.8,CRITICAL,0.0008699999889358878,false,,false,false,true,2024-11-10T03:31:04.000Z,true,false,false,,2024-11-10T03:31:04.900Z,0
CVE-2024-11046,https://securityvulnerability.io/vulnerability/CVE-2024-11046,Command Injection Vulnerability in D-Link DI-8003 Router,"A serious command injection vulnerability has been identified in the D-Link DI-8003 router, specifically within the upgrade_filter_asp function found in the /upgrade_filter.asp file. By manipulating the 'path' argument, an attacker can potentially execute arbitrary operating system commands remotely. This security flaw exposes the device to significant security risks, making it crucial for users to address this vulnerability promptly. Publicly disclosed exploit techniques highlight the urgency of patching affected D-Link products to prevent unauthorized access and data breaches.",D-link,Di-8003,9.8,CRITICAL,0.0008900000248104334,false,,false,false,true,2024-11-10T03:00:10.000Z,true,false,false,,2024-11-10T03:00:10.737Z,0
CVE-2024-10915,https://securityvulnerability.io/vulnerability/CVE-2024-10915,OS Command Injection Vulnerability in D-Link NAS Products,"A vulnerability exists in D-Link's DNS-320, DNS-320LW, DNS-325, and DNS-340L NAS devices, specifically within the cgi_user_add function of the /cgi-bin/account_mgr.cgi endpoint. This issue is caused by improper handling of the 'group' argument, which leads to potential OS command injection. Remote attackers can exploit this vulnerability to execute arbitrary commands on the affected devices. Although the complexity of the attack is high, the public disclosure of the exploit raises concerns about the security posture of networks utilizing these devices. Users are advised to apply any available patches or mitigations.",D-Link,Dns-320 Firmware,9.8,CRITICAL,0.23746000230312347,false,,false,false,false,,,false,false,,2024-11-06T14:15:00.000Z,0
CVE-2024-10914,https://securityvulnerability.io/vulnerability/CVE-2024-10914,D-Link Routers Vulnerable to OS Command Injection Attacks,"A vulnerability exists in D-Link network attached storage devices, including the DNS-320, DNS-320LW, DNS-325, and DNS-340L, which allows for OS command injection. This issue arises in the cgi_user_add function of the /cgi-bin/account_mgr.cgi interface, where improper handling of the 'name' argument can be exploited. The attack can be executed remotely, although the complexity of successfully exploiting this vulnerability is relatively high and requires advanced knowledge. Public disclosure of the exploit amplifies the risk, necessitating immediate attention to secure affected devices.",D-Link,Dns-320 Firmware,9.8,CRITICAL,0.16929000616073608,false,,true,false,true,2024-11-08T14:21:09.000Z,true,true,true,2024-11-11T06:52:01.862Z,2024-11-06T14:15:00.000Z,9109
CVE-2024-9915,https://securityvulnerability.io/vulnerability/CVE-2024-9915,Buffer Overflow Vulnerability in D-Link Router Software,"A serious buffer overflow vulnerability has been identified in the D-Link DIR-619L B1 router, specifically in the formVirtualServ function located in the /goform/formVirtualServ file. This flaw arises from improper handling of the curTime argument, allowing attackers to exploit the vulnerability remotely. The risk of exploitation is elevated due to the public disclosure of this vulnerability, and it could lead to unauthorized access or control over the affected device. Users and administrators are strongly encouraged to review security recommendations provided by D-Link and update their firmware to mitigate this critical security risk.",D-link,Dir-619l B1,8.8,HIGH,0.001990000018849969,false,,false,false,true,2024-10-13T17:31:04.000Z,true,false,false,,2024-10-13T18:31:04.848Z,0
CVE-2024-9914,https://securityvulnerability.io/vulnerability/CVE-2024-9914,Buffer Overflow Vulnerability in D-Link DIR-619L B1 2.06 Allows Remote Attack,"A buffer overflow vulnerability exists in the D-Link DIR-619L router's function formSetWizardSelectMode. This security flaw arises from improper handling of the curTime argument within the specified file, /goform/formSetWizardSelectMode. It allows attackers to exploit the buffer overflow remotely, potentially compromising the device's functionality and security. The exploit, which has been publicly disclosed, poses a significant risk to users of the affected D-Link DIR-619L model.",D-link,Dir-619l B1,8.8,HIGH,0.001990000018849969,false,,false,false,true,2024-10-13T17:00:06.000Z,true,false,false,,2024-10-13T18:00:06.971Z,0
CVE-2024-9913,https://securityvulnerability.io/vulnerability/CVE-2024-9913,Buffer Overflow Vulnerability in D-Link DIR-619L B1 2.06,"A security vulnerability has been identified in the D-Link DIR-619L B1 router, specifically in the formSetRoute function located in the /goform/formSetRoute file. The issue arises from inadequate input validation leading to a buffer overflow situation. An attacker can remotely manipulate the 'curTime' argument to exploit this flaw, which may compromise the device's integrity and security. The vulnerability has been publicly disclosed, rendering affected routers susceptible to potential attacks that could exploit this weakness.",D-link,Dir-619l B1,8.8,HIGH,0.001990000018849969,false,,false,false,true,2024-10-13T16:31:04.000Z,true,false,false,,2024-10-13T17:31:04.724Z,0
CVE-2024-9912,https://securityvulnerability.io/vulnerability/CVE-2024-9912,Buffer Overflow Vulnerability in D-Link DIR-619L B1 2.06,"A recently identified vulnerability in the D-Link DIR-619L B1 version 2.06 resides in the formSetQoS function within the file /goform/formSetQoS. This vulnerability allows for a buffer overflow through improper argument handling of the curTime parameter. The flaw can be exploited remotely, facilitating unauthorized access and potential manipulation of network settings. This publicly disclosed vulnerability poses a significant risk for users of this router, making it essential for affected individuals to implement remedial measures promptly.",D-link,Dir-619l B1,8.8,HIGH,0.001990000018849969,false,,false,false,true,2024-10-13T15:31:05.000Z,true,false,false,,2024-10-13T16:31:05.117Z,0