
CVE-2025-4860 – D-Link DAP-2695 Static Pool Settings Page adv_dhcps.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-4860
18 May 2025 — A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137_ALL_en_20210528. Affected is an unknown function of the file /adv_dhcps.php of the component Static Pool Settings Page. The manipulation of the argument f_mac leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/DAP-2695/XSS_Static_Pool_Settings • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-4859 – D-Link DAP-2695 MAC Bypass Settings Page adv_macbypass.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-4859
18 May 2025 — A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been rated as problematic. This issue affects some unknown processing of the file /adv_macbypass.php of the component MAC Bypass Settings Page. The manipulation of the argument f_mac leads to cross site scripting. The attack may be initiated remotely. • https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/DAP-2695/XSS_MAC_Bypass • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-4858 – D-Link DAP-2695 ARP Spoofing Prevention Page adv_arpspoofing.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-4858
18 May 2025 — A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been declared as problematic. This vulnerability affects unknown code of the file /adv_arpspoofing.php of the component ARP Spoofing Prevention Page. The manipulation of the argument harp_mac leads to cross site scripting. The attack can be initiated remotely. • https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/DAP-2695/XSS_ARP_Spoofing_Prevention • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2022-38873
https://notcve.org/view.php?id=CVE-2022-38873
20 Dec 2022 — D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-3662 v1.05rc047 and earlier allow attackers to cause a Denial of Service (DoS) by uploading a crafted firmware after modifying the firmware header. • https://github.com/Yuhao-W/BUG--D-Link--Firmware-Update-Vulnerabilities/blob/main/README.md • CWE-345: Insufficient Verification of Data Authenticity

CVE-2021-28840
https://notcve.org/view.php?id=CVE-2021-28840
10 Aug 2021 — Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_config function of the sbin/httpd binary. When the binary handles the specific HTTP GET request, the content of the upload_file variable is NULL in the upload_config function, then strncasecmp would take NULL as its first argument, and incur the NULL pointer de... • https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve.pdf • CWE-476: NULL Pointer Dereference

CVE-2021-28839
https://notcve.org/view.php?id=CVE-2021-28839
10 Aug 2021 — Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_certificate function of the sbin/httpd binary. When the binary handles the specific HTTP GET request, the strrchr in the upload_certificate function would take NULL as its first argument, and incur the NULL pointer dereference vulnerability. • https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve.pdf • CWE-476: NULL Pointer Dereference

CVE-2021-28838
https://notcve.org/view.php?id=CVE-2021-28838
10 Aug 2021 — Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi` operation when a specific network packet is sent to the httpd binary. • https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve.pdf • CWE-476: NULL Pointer Dereference

CVE-2016-1558 – D-Link / Netgear FIRMADYNE Command Injection / Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-1558
26 Feb 2016 — Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie. • http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer