CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1538 – D-Link DAP-1320 api set_ws_action heap-based overflow
https://notcve.org/view.php?id=CVE-2025-1538
21 Feb 2025 — A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://legacy.us.dlink.com/pages/product.aspx?id=4b2bbe2e3f1d440ea65bc56c7e3dcc5c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1392 – D-Link DIR-816 index.html cross site scripting
https://notcve.org/view.php?id=CVE-2025-1392
17 Feb 2025 — A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?ctiid.296023 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1104 – D-Link DHP-W310AV authentication spoofing
https://notcve.org/view.php?id=CVE-2025-1104
07 Feb 2025 — A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/kn1g78/cve/blob/main/dlink.md • CWE-287: Improper Authentication CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0481 – D-Link DIR-878 HTTP POST Request dllog.cgi information disclosure
https://notcve.org/view.php?id=CVE-2025-0481
15 Jan 2025 — A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-878/dllog.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13108 – D-Link DIR-816 A2 form2NetSniper.cgi access control
https://notcve.org/view.php?id=CVE-2024-13108
02 Jan 2025 — A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been declared as critical. This vulnerability affects unknown code of the file /goform/form2NetSniper.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2NetSniper.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13107 – D-Link DIR-816 A2 ACL form2LocalAclEditcfg.cgi access control
https://notcve.org/view.php?id=CVE-2024-13107
02 Jan 2025 — A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2LocalAclEditcfg.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13106 – D-Link DIR-816 A2 IP QoS form2IPQoSTcAdd access control
https://notcve.org/view.php?id=CVE-2024-13106
02 Jan 2025 — A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/form2IPQoSTcAdd of the component IP QoS Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2IPQoSTcAdd.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13105 – D-Link DIR-816 A2 DHCPD Setting form2Dhcpd.cgi access control
https://notcve.org/view.php?id=CVE-2024-13105
02 Jan 2025 — A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2Dhcpd.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13104 – D-Link DIR-816 A2 WiFi Settings form2AdvanceSetup.cgi access control
https://notcve.org/view.php?id=CVE-2024-13104
02 Jan 2025 — A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2AdvanceSetup.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13103 – D-Link DIR-816 A2 Virtual Service form2AddVrtsrv.cgi access control
https://notcve.org/view.php?id=CVE-2024-13103
02 Jan 2025 — A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2AddVrtsrv.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •