CVSS: 5.3EPSS: 21%CPEs: 88EXPL: 1CVE-2024-0717 – D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure
https://notcve.org/view.php?id=CVE-2024-0717
19 Jan 2024 — A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, D... • https://github.com/999zzzzz/D-Link • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.8EPSS: 2%CPEs: 2EXPL: 3CVE-2019-19742 – D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-19742
18 Dec 2019 — On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field. En los dispositivos D-Link DIR-615, la página de configuración de la cuenta de usuario es vulnerable a un ataque de tipo XSS ciego por medio del campo name. • https://www.exploit-db.com/exploits/47776 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 15%CPEs: 2EXPL: 3CVE-2019-19743 – D-Link DIR-615 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-19743
16 Dec 2019 — On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal. En los dispositivos D-Link DIR-615, un usuario normal es capaz de crear un usuario root(admin) desde el portal de D-Link. • https://www.exploit-db.com/exploits/47778 •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17353
https://notcve.org/view.php?id=CVE-2019-17353
09 Oct 2019 — An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. Se detectó un problema en los dispositivos D-Link DIR-615 con la versión de firmware 20.05 y 20.07. La página wan.htm puede ser accedida directamente sin autenticación, lo que puede conllevar a la divulgación de información sobre l... • https://github.com/d0x0/D-Link-DIR-615/blob/master/CVE-2019-17353 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15874
https://notcve.org/view.php?id=CVE-2018-15874
25 Aug 2018 — Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. Vulnerabilidad Cross-Site Scripting (XSS) en routers D-Link DIR-615 20.07 permite que un atacante inyecte JavaScript en la página "Status -> Active Client Table" mediante el campo hostname en una petición DHCP. • https://github.com/reevesrs24/cve/blob/master/D-Link_DIR-615/xss_DHCP/dlink_dir615_xss_dhcp.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15875
https://notcve.org/view.php?id=CVE-2018-15875
25 Aug 2018 — Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request. Vulnerabilidad Cross-Site Scripting (XSS) en routers D-Link DIR-615 20.07 permite que los atacantes inyecten JavaScript en la página UPnP de administrador del router mediante el campo description en una petición SOAP UPnP AddPortMapping. • https://github.com/reevesrs24/cve/blob/master/D-Link_DIR-615/xss_UPnP/dlink_dir615_xss_upnp.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 4CVE-2018-10110 – D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-10110
17 Apr 2018 — D-Link DIR-615 T1 devices allow XSS via the Add User feature. Los dispositivos D-Link DIR-615 T1 permiten Cross-Site Scripting (XSS) mediante la característica Add User. The D-Link DIR-615 wireless router suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/147184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •