A vulnerability was found in D-Link DCS-935L up to 1
Description
A vulnerability was found in D-Link DCS-935L up to 1
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
198 vulnerabilities from D-Link
← Back to all CVEsA vulnerability was found in D-Link DCS-935L up to 1
A vulnerability was found in D-Link DCS-935L up to 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DI-8100 16
A vulnerability has been found in D-Link DI-8100 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in D-Link DI-8100 16
A flaw has been found in D-Link DI-8100 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DI-8100 16
A vulnerability was detected in D-Link DI-8100 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A buffer overflow vulnerability in the D-Link DI-8100 POST parameter handler allows remote attackers to execute arbitrary code via the url_rule.asp fu...
A buffer overflow vulnerability in the D-Link DI-8100 POST parameter handler allows remote attackers to execute arbitrary code via the url_rule.asp function.
Update D-Link DI to the latest version. Monitor for exploitation attempts and review access logs.
D-Link DI-8100 is vulnerable to a remote buffer overflow in the `sprintf` function within the HTTP Handler's `/auto_reboot.asp` script.
D-Link DI-8100 is vulnerable to a remote buffer overflow in the `sprintf` function within the HTTP Handler's `/auto_reboot.asp` script.
---METADATA---
VENDOR: D-Link
PRODUCT: DI-8100
AFFECTED_VERSIONS: 16.07.26A1
---END_METADATA---
Description Summary:
D-Link DI-8100 is vulnerable to a remote buffer overflow in the sprintf function within the HTTP Handler's /auto_reboot.asp script.
Executive Summary:
A critical buffer overflow in the D-Link DI-8100 router allows remote unauthenticated attackers to execute arbitrary code.
Vulnerability Details
CVE-ID: CVE-2026-7853
Affected Software: D-Link DI-8100
Affected Versions: 16.07.26A1
Vulnerability: The vulnerability is a buffer overflow occurring in the sprintf function within the /auto_reboot.asp file of the HTTP Handler component, triggered by improper handling of the enable/time argument.
Business Impact
With a CVSS score of 9.8, this flaw allows for Remote Code Execution. Exploitation can lead to full router compromise, providing the attacker with persistent access to the network, the ability to intercept traffic, or redirecting users to malicious sites.
Remediation Plan
Immediate Action: Update the device firmware to the latest version. If no update is available, disable the web-based management interface.
Proactive Monitoring: Monitor logs for abnormal reboot requests or suspicious HTTP traffic directed at the router's management interface.
Compensating Controls: Use firewall rules to restrict access to the web management interface to trusted internal IP addresses only.
Exploitation Status
Public Exploit Available: Yes
Analyst Notes: The exploit for this vulnerability is publicly available, which significantly increases the urgency for remediation. Immediate action is required to secure the device.
Analyst Recommendation
Due to the public availability of exploit code, this router is at extreme risk. If a firmware update cannot be applied immediately, the router's management interface must be taken offline or restricted to trusted networks to prevent compromise.
Update D-Link DI to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in D-Link DI-8100 16
A vulnerability was identified in D-Link DI-8100 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DIR-825M 1
A vulnerability was found in D-Link DIR-825M 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DIR-825M 1
A vulnerability has been found in D-Link DIR-825M 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A remote buffer overflow vulnerability in the D-Link DI-8100 CGI endpoint allows for arbitrary code execution.
A remote buffer overflow vulnerability in the D-Link DI-8100 CGI endpoint allows for arbitrary code execution.
---METADATA---
VENDOR: D-Link
PRODUCT: DI-8100
AFFECTED_VERSIONS: 16.07.26A1
---END_METADATA---
Description Summary:
A remote buffer overflow vulnerability in the D-Link DI-8100 CGI endpoint allows for arbitrary code execution.
Executive Summary:
A critical remote buffer overflow vulnerability in D-Link DI-8100 firmware allows unauthenticated attackers to execute arbitrary code via the CGI interface.
Vulnerability Details
CVE-ID: CVE-2026-7248
Affected Software: D-Link DI-8100
Affected Versions: 16.07.26A1
Vulnerability: The tgfile_htm function within the CGI component fails to properly validate the fn argument, resulting in a buffer overflow that can be triggered remotely by an unauthenticated attacker.
Business Impact
With a CVSS score of 9.8, this vulnerability allows for complete remote compromise of the affected D-Link device. Attackers can leverage this access to establish persistence, pivot into the internal network, or intercept traffic, creating a high-severity risk to network integrity.
Remediation Plan
Immediate Action: Apply the latest firmware update provided by D-Link to patch the buffer overflow vulnerability.
Proactive Monitoring: Inspect network logs for unusual requests targeting CGI endpoints and monitor for unexpected outbound traffic from the device.
Compensating Controls: Disable remote management of the device and restrict access to the web interface to trusted internal IP addresses using an ACL or firewall.
Exploitation Status
Public Exploit Available: True
Analyst Notes: As of Apr 28, 2026, a public exploit is available for this vulnerability. Given the ease of remote exploitation, the risk to unpatched devices is extreme.
Analyst Recommendation
Immediate remediation is required as an exploit is publicly available and the device is susceptible to remote code execution. If a patch cannot be immediately applied, the device must be removed from internet-facing segments to prevent compromise.
Update D-Link DI to the latest version. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in D-Link DIR-825 up to 3
A security flaw has been discovered in D-Link DIR-825 up to 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in D-Link DIR-825 3
A vulnerability was identified in D-Link DIR-825 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in D-Link DIR-822 A_101
A vulnerability was determined in D-Link DIR-822 A_101
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers...
DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in D-Link DIR-513 1
A flaw has been found in D-Link DIR-513 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DIR-513 1
A vulnerability was detected in D-Link DIR-513 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in D-Link DIR-513 1
A security vulnerability has been detected in D-Link DIR-513 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in D-Link DIR-605L 2
A vulnerability was identified in D-Link DIR-605L 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in D-Link DIR-605L 2
A vulnerability was determined in D-Link DIR-605L 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DIR-605L 2
A vulnerability was found in D-Link DIR-605L 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DIR-605L 2
A vulnerability has been found in D-Link DIR-605L 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in D-Link DIR-605L 2
A flaw has been found in D-Link DIR-605L 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DIR-605L 2
A vulnerability was detected in D-Link DIR-605L 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DIR-645 1
A vulnerability was detected in D-Link DIR-645 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L,...
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-...
A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-...
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR...
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DIR-513 1
A vulnerability was found in D-Link DIR-513 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in D-Link DIR-513 1
A weakness has been identified in D-Link DIR-513 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in D-Link DIR-820LW 2
A vulnerability was determined in D-Link DIR-820LW 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DIR-513 1
A vulnerability was found in D-Link DIR-513 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0...
D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks" and the static password "whdrv01_dlob_dir456U" read from /etc/config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-456U
AFFECTED_VERSIONS: Hardware Revision A1 (End-of-Life)
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
D-Link DIR-456U Rev A1 contains a hardcoded telnet backdoor, allowing unauthenticated attackers on the local network to gain full root administrative control.
Executive Summary:
A critical hardcoded backdoor in the D-Link DIR-456U allows unauthorized remote attackers to gain full root-level administrative access to the device.
Vulnerability Details
CVE-ID: CVE-2026-42376
Affected Software: D-Link DIR-456U
Affected Versions: Hardware Revision A1 (End-of-Life)
Vulnerability: The device features a hardcoded telnet backdoor utilizing a static username and password combination. This allows an unauthenticated attacker on the local network to bypass authentication mechanisms and execute commands with root privileges.
Business Impact
This vulnerability carries a CVSS score of 9.8, indicating a critical risk of full system compromise. Because the device has reached End-of-Life (EOL), it will not receive security updates, leaving the network permanently exposed to potential lateral movement, data interception, or the use of the device as a persistent foothold for attackers within the internal network.
Remediation Plan
Immediate Action: As this product is EOL and no patch will be provided, the only effective remediation is to retire and decommission the affected D-Link DIR-456U device immediately.
Proactive Monitoring: Monitor network traffic for unauthorized telnet connections (port 23) originating from or directed toward the device.
Compensating Controls: If immediate replacement is not possible, place the device on an isolated, restricted VLAN and disable all telnet access via firewall rules to block unauthorized inbound connections.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of May 4, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw—a hardcoded credential accessible to any local network user—the potential for exploitation is extremely high.
Analyst Recommendation
Given that the vendor has declared this device End-of-Life, there is no path to remediation through patching. Organizations must prioritize the replacement of this hardware with a supported product to eliminate the risk of unauthorized administrative access and potential network-wide compromise.
Update D-Link DIR to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh...
D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir600l" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-600L
AFFECTED_VERSIONS: Hardware Revision A1 (End-of-Life)
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
D-Link DIR-600L Rev A1 contains a hardcoded telnet backdoor, allowing unauthenticated attackers on the local network to gain full root administrative control.
Executive Summary:
A critical hardcoded backdoor in the D-Link DIR-600L allows unauthorized remote attackers to gain full root-level administrative access to the device.
Vulnerability Details
CVE-ID: CVE-2026-42375
Affected Software: D-Link DIR-600L
Affected Versions: Hardware Revision A1 (End-of-Life)
Vulnerability: The device features a hardcoded telnet backdoor utilizing a static username and password combination. This allows an unauthenticated attacker on the local network to bypass authentication mechanisms and execute commands with root privileges.
Business Impact
This vulnerability carries a CVSS score of 9.8, indicating a critical risk of full system compromise. Because the device has reached End-of-Life (EOL), it will not receive security updates, leaving the network permanently exposed to potential lateral movement, data interception, or the use of the device as a persistent foothold for attackers within the internal network.
Remediation Plan
Immediate Action: As this product is EOL and no patch will be provided, the only effective remediation is to retire and decommission the affected D-Link DIR-600L device immediately.
Proactive Monitoring: Monitor network traffic for unauthorized telnet connections (port 23) originating from or directed toward the device.
Compensating Controls: If immediate replacement is not possible, place the device on an isolated, restricted VLAN and disable all telnet access via firewall rules to block unauthorized inbound connections.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of May 4, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw—a hardcoded credential accessible to any local network user—the potential for exploitation is extremely high.
Analyst Recommendation
Given that the vendor has declared this device End-of-Life, there is no path to remediation through patching. Organizations must prioritize the replacement of this hardware with a supported product to eliminate the risk of unauthorized administrative access and potential network-wide compromise.
Update D-Link DIR to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh...
D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61_dlwbr_dir600L" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-600L
AFFECTED_VERSIONS: Hardware Revision B1 (End-of-Life)
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
D-Link DIR-600L Rev B1 contains a hardcoded telnet backdoor, allowing unauthenticated attackers on the local network to gain full root administrative control.
Executive Summary:
A critical hardcoded backdoor in the D-Link DIR-600L allows unauthorized remote attackers to gain full root-level administrative access to the device.
Vulnerability Details
CVE-ID: CVE-2026-42374
Affected Software: D-Link DIR-600L
Affected Versions: Hardware Revision B1 (End-of-Life)
Vulnerability: The device features a hardcoded telnet backdoor utilizing a static username and password combination. This allows an unauthenticated attacker on the local network to bypass authentication mechanisms and execute commands with root privileges.
Business Impact
This vulnerability carries a CVSS score of 9.8, indicating a critical risk of full system compromise. Because the device has reached End-of-Life (EOL), it will not receive security updates, leaving the network permanently exposed to potential lateral movement, data interception, or the use of the device as a persistent foothold for attackers within the internal network.
Remediation Plan
Immediate Action: As this product is EOL and no patch will be provided, the only effective remediation is to retire and decommission the affected D-Link DIR-600L device immediately.
Proactive Monitoring: Monitor network traffic for unauthorized telnet connections (port 23) originating from or directed toward the device.
Compensating Controls: If immediate replacement is not possible, place the device on an isolated, restricted VLAN and disable all telnet access via firewall rules to block unauthorized inbound connections.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of May 4, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw—a hardcoded credential accessible to any local network user—the potential for exploitation is extremely high.
Analyst Recommendation
Given that the vendor has declared this device End-of-Life, there is no path to remediation through patching. Organizations must prioritize the replacement of this hardware with a supported product to eliminate the risk of unauthorized administrative access and potential network-wide compromise.
Update D-Link DIR to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telne...
D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76_dlwbr_dir605L" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-605L
AFFECTED_VERSIONS: Hardware Revision B2 (End-of-Life)
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
D-Link DIR-605L revision B2 contains a hardcoded telnet backdoor, allowing unauthenticated attackers on the local network to gain full administrative root access.
Executive Summary:
A critical hardcoded backdoor in the D-Link DIR-605L router exposes the device to complete administrative compromise by unauthenticated attackers.
Vulnerability Details
CVE-ID: CVE-2026-42373
Affected Software: D-Link DIR-605L
Affected Versions: Hardware Revision B2 (End-of-Life)
Vulnerability: The device features a hardcoded telnet backdoor with static credentials, enabling an unauthenticated attacker on the local network to obtain a root shell via the telnet daemon.
Business Impact
This vulnerability carries a CVSS score of 9.8, reflecting its critical severity. Successful exploitation grants an attacker full administrative control over the network gateway, potentially leading to total network interception, internal reconnaissance, and the deployment of persistent malware within the infrastructure.
Remediation Plan
Immediate Action: Given the device has reached End-of-Life (EOL) and will not receive a patch, the only effective remediation is to retire and replace the hardware immediately.
Proactive Monitoring: Monitor network traffic for unexpected telnet (port 23) connections and audit logs for successful logins originating from unauthorized internal IP addresses.
Compensating Controls: If immediate replacement is impossible, disable the telnet service via the device management interface or use an access control list (ACL) to strictly limit network access to the router’s management ports.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of May 4, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw and the lack of vendor support, the potential for exploitation is high.
Analyst Recommendation
The presence of a hardcoded backdoor in network infrastructure represents an unacceptable security risk. We strongly recommend decommissioning all affected D-Link DIR-605L units immediately to eliminate this vector of compromise.
Update D-Link DIR to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor
D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR...
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-32...
A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, D...
A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-...
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-32...
A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in D-Link DIR-823G 1
A security vulnerability has been detected in D-Link DIR-823G 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in D-Link DIR-619L 2
A security flaw has been discovered in D-Link DIR-619L 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5Basic...
A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-816
AFFECTED_VERSIONS: 1.10CNB05
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
The D-Link DIR-816 is susceptible to a remote stack-based buffer overflow via the pskValue argument in the form2Wl5BasicSetup.cgi script.
Executive Summary:
A critical stack-based buffer overflow in the D-Link DIR-816 allows remote, unauthenticated attackers to execute arbitrary code or cause a denial of service.
Vulnerability Details
CVE-ID: CVE-2026-4184
Affected Software: D-Link DIR-816
Affected Versions: 1.10CNB05
Vulnerability: The vulnerability resides in the goahead component within the /goform/form2Wl5BasicSetup.cgi file. By manipulating the pskValue argument, an unauthenticated remote attacker can trigger a stack-based buffer overflow.
Business Impact
A CVSS score of 9.8 reflects the potential for full system compromise, including the execution of arbitrary code with high privileges. Since the product is no longer supported, this vulnerability remains a permanent risk to any network utilizing these legacy devices.
Remediation Plan
Immediate Action: Because the product is end-of-life and unsupported, the only effective remediation is to replace the device with a currently supported model.
Proactive Monitoring: Monitor traffic for unexpected crash patterns in the web interface and inspect logs for unusually long or malformed input strings in web requests.
Compensating Controls: Place the device behind a robust firewall and disable remote management interfaces to minimize exposure to external attack vectors.
Exploitation Status
Public Exploit Available: Yes
Analyst Notes: As of Mar 16, 2026, public exploit code is available for this vulnerability. Given that the device is no longer supported by D-Link, there is no expectation of an official patch.
Analyst Recommendation
The reliance on an end-of-life product with a critical, publicly exploitable vulnerability is unacceptable for secure operations. Immediate decommissioning and replacement of the D-Link DIR-816 is strongly advised to eliminate this exposure.
Update D-Link DIR to the latest version. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of...
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-816
AFFECTED_VERSIONS: 1.10CNB05
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
A remote stack-based buffer overflow exists in the D-Link DIR-816 via the pskValue argument in the form2WlanBasicSetup.cgi script.
Executive Summary:
A critical stack-based buffer overflow in the D-Link DIR-816 allows remote, unauthenticated attackers to execute arbitrary code.
Vulnerability Details
CVE-ID: CVE-2026-4183
Affected Software: D-Link DIR-816
Affected Versions: 1.10CNB05
Vulnerability: This vulnerability affects the goahead component in the /goform/form2WlanBasicSetup.cgi file. An unauthenticated attacker can exploit this via the pskValue argument to overflow the stack, potentially hijacking the execution flow.
Business Impact
The severity of this flaw (CVSS 9.8) indicates a high likelihood of successful system takeover. As an unsupported legacy device, the risk of permanent, unpatchable exposure makes this a critical threat to the confidentiality, integrity, and availability of the network.
Remediation Plan
Immediate Action: Retire the affected hardware immediately, as the manufacturer no longer provides security updates for the D-Link DIR-816.
Proactive Monitoring: Observe network logs for suspicious HTTP POST requests directed at the /goform/ directory and monitor for device instability or unexpected reboots.
Compensating Controls: Use a Web Application Firewall (WAF) to filter and block requests containing abnormally long strings in the pskValue parameter if immediate replacement is not feasible.
Exploitation Status
Public Exploit Available: Yes
Analyst Notes: As of Mar 16, 2026, active public exploit information is available. The lack of vendor support for this device necessitates an urgent migration to modern, supported hardware.
Analyst Recommendation
The combination of a 9.8 CVSS score and the lack of vendor support creates an extreme risk profile. Security teams must prioritize the removal of these devices from all production environments immediately.
Update D-Link DIR to the latest version. Monitor for exploitation attempts and review access logs.
A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the comp...
A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goahead. This manipulation of the argument key1/key2/key3/key4/pskValue causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-816
AFFECTED_VERSIONS: 1.10CNB05
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
A stack-based buffer overflow in the D-Link DIR-816 goahead component allows remote attackers to execute arbitrary code via manipulated arguments in form2Wl5RepeaterStep2.cgi.
Executive Summary:
A critical stack-based buffer overflow in D-Link DIR-816 routers enables remote code execution, posing an immediate risk of full device compromise.
Vulnerability Details
CVE-ID: CVE-2026-4182
Affected Software: D-Link DIR-816
Affected Versions: 1.10CNB05
Vulnerability: This vulnerability is a stack-based buffer overflow occurring within the goahead component's handling of the form2Wl5RepeaterStep2.cgi file. An unauthenticated remote attacker can trigger this condition by supplying malicious input to the key1, key2, key3, key4, or pskValue arguments.
Business Impact
Successful exploitation of this vulnerability allows for remote code execution, which could result in complete loss of device control, unauthorized network access, and potential lateral movement into internal systems. Given the CVSS score of 9.8, this represents a critical risk that could lead to significant operational disruption and data breach.
Remediation Plan
Immediate Action: As the affected product is end-of-life and no patch is available, the primary remediation is to retire the device and replace it with a supported alternative.
Proactive Monitoring: Monitor network traffic for unusual POST requests directed toward the /goform/form2Wl5RepeaterStep2.cgi endpoint.
Compensating Controls: Implement strict firewall rules to prevent external access to the administrative interface of the router.
Exploitation Status
Public Exploit Available: Yes
Analyst Notes: As of March 16, 2026, public exploit code is available for this vulnerability. Because the vendor no longer supports this hardware, users are at permanent risk of exploitation.
Analyst Recommendation
Due to the critical nature of this vulnerability and the lack of vendor-supplied patches, we strongly recommend the immediate decommissioning of affected D-Link DIR-816 units. If replacement is not immediately feasible, ensure the device is isolated from the public internet using robust perimeter security controls.
Update D-Link DIR to the latest version. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the co...
A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-816
AFFECTED_VERSIONS: 1.10CNB05
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
A stack-based buffer overflow in the D-Link DIR-816 goahead component allows remote attackers to execute arbitrary code via manipulated arguments in form2RepeaterStep2.cgi.
Executive Summary:
A critical stack-based buffer overflow in D-Link DIR-816 routers enables remote code execution, creating a high risk of unauthorized system access.
Vulnerability Details
CVE-ID: CVE-2026-4181
Affected Software: D-Link DIR-816
Affected Versions: 1.10CNB05
Vulnerability: This vulnerability involves a stack-based buffer overflow in the goahead component, specifically within the form2RepeaterStep2.cgi file. An unauthenticated remote attacker can exploit this by sending specially crafted input to the key1, key2, key3, key4, or pskValue parameters.
Business Impact
The severity of this flaw, rated at 9.8, indicates that unauthorized parties could potentially gain full control over the router. This access facilitates the interception of network traffic, redirection of user sessions, and broad reconnaissance of the internal network, posing a severe threat to organizational security.
Remediation Plan
Immediate Action: Since the product has reached end-of-life status, the recommended course of action is to replace the hardware immediately.
Proactive Monitoring: Review system and firewall logs for suspicious web requests targeting the /goform/form2RepeaterStep2.cgi file.
Compensating Controls: Restrict access to the router's web interface to trusted internal IP addresses only via a secure gateway.
Exploitation Status
Public Exploit Available: Yes
Analyst Notes: As of March 16, 2026, public exploit code is available for this vulnerability. As the vendor has ceased support for this product, no security updates will be provided.
Analyst Recommendation
The presence of a publicly available exploit necessitates immediate action to mitigate the risk. Organizations should prioritize replacing these unsupported devices as they cannot be secured against this critical vulnerability.
Update D-Link DIR to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in D-Link DIR-816 1
A vulnerability was identified in D-Link DIR-816 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DIR-513 1
A vulnerability was detected in D-Link DIR-513 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An OS command injection vulnerability in the D-Link DIR-868L SSDP service allows unauthenticated remote attackers to execute arbitrary commands via th...
An OS command injection vulnerability in the D-Link DIR-868L SSDP service allows unauthenticated remote attackers to execute arbitrary commands via the ST argument.
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-868L Router
AFFECTED_VERSIONS: 110b03
---END_METADATA---
Description Summary:
An OS command injection vulnerability in the D-Link DIR-868L SSDP service allows unauthenticated remote attackers to execute arbitrary commands via the ST argument.
Executive Summary:
The D-Link DIR-868L router is subject to a critical remote command injection vulnerability in its SSDP service, which is currently being exploited by attackers using publicly available code.
Vulnerability Details
CVE-ID: CVE-2026-3485
Affected Software: D-Link DIR-868L Router
Affected Versions: 110b03
Vulnerability: An OS command injection flaw exists in the sub_1BF84 function of the SSDP service component. An unauthenticated remote attacker can manipulate the ST argument to execute arbitrary system commands with elevated privileges.
Business Impact
The impact of this vulnerability is catastrophic, as evidenced by its CVSS score of 9.8. A successful exploit allows an attacker to gain full control over the router, potentially leading to network interception, data theft, and lateral movement into the internal network. Because this product is end-of-life (EOL), no further security updates will be provided, leaving the hardware permanently vulnerable.
Remediation Plan
Immediate Action: Discontinue the use of the D-Link DIR-868L immediately and replace it with a currently supported model that receives regular security updates.
Proactive Monitoring: Review network traffic for unauthorized outbound connections or unusual UPnP/SSDP activity originating from the device.
Compensating Controls: If immediate replacement is impossible, disable the SSDP service and place the device behind a strict firewall that blocks external access to the management interfaces.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of Mar 3, 2026, a public exploit for this vulnerability has been published and is being utilized by attackers. This significantly increases the likelihood of automated attacks targeting exposed D-Link hardware.
Analyst Recommendation
Due to the critical severity and the lack of vendor support for this EOL product, the only secure recommendation is to decommission the affected hardware. Organizations must move to modern, supported networking equipment to ensure the security of their perimeter and internal communications.
Update D-Link DIR to the latest version. Monitor for exploitation attempts and review access logs.
PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices
PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DWR-M960 1
A vulnerability was found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DWR-M960 1
A vulnerability has been found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in D-Link DWR-M960 1
A flaw has been found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DWR-M960 1
A vulnerability was detected in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in D-Link DWR-M960 1
A security vulnerability has been detected in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in D-Link DWR-M960 1
A vulnerability was determined in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DWR-M960 1
A vulnerability was found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DWR-M960 1
A vulnerability has been found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in D-Link DWR-M960 1
A flaw has been found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DWR-M960 1
A vulnerability was detected in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in D-Link DWR-M960 1
A security flaw has been discovered in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in D-Link DWR-M960 1
A vulnerability was identified in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in D-Link DWR-M960 1
A vulnerability was determined in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DWR-M960 1
A vulnerability was found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DWR-M960 1
A vulnerability has been found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in D-Link DWR-M960 1
A vulnerability was determined in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DWR-M960 1
A vulnerability was found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DWR-M960 1
A vulnerability has been found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in D-Link DWR-M960 1
A flaw has been found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DWR-M960 1
A vulnerability was detected in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DCS-931L up to 1
A vulnerability was found in D-Link DCS-931L up to 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DIR-823X 250416
A vulnerability has been found in D-Link DIR-823X 250416
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in D-Link DIR-823X 250416
A weakness has been identified in D-Link DIR-823X 250416
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in D-Link DIR-823X 250416
A security vulnerability has been detected in D-Link DIR-823X 250416
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in D-Link DIR-823X 250416
A security flaw has been discovered in D-Link DIR-823X 250416
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in D-Link DIR-823X 250416
A security vulnerability has been detected in D-Link DIR-823X 250416
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in D-Link DIR-823X 250416
A weakness has been identified in D-Link DIR-823X 250416
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DIR-823X 250416
A vulnerability was found in D-Link DIR-823X 250416
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in D-Link DIR-823X 250416
A vulnerability was identified in D-Link DIR-823X 250416
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in D-Link DWR-M921 1
A security vulnerability has been detected in D-Link DWR-M921 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in D-Link DIR-823X 250416
A weakness has been identified in D-Link DIR-823X 250416
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in D-Link DIR-615 4
A vulnerability was determined in D-Link DIR-615 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DIR-615 4
A vulnerability was found in D-Link DIR-615 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DIR-615 up to 4
A vulnerability was detected in D-Link DIR-615 up to 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DCS-935L 1
A vulnerability has been found in D-Link DCS-935L 1
---METADATA---
VENDOR: D-Link
PRODUCT: DCS-935L
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical vulnerability has been discovered in the D-Link DCS-935L network camera, potentially allowing attackers to gain unauthorized access to the device.
Executive Summary:
The D-Link DCS-935L network camera is susceptible to a high-severity vulnerability, posing a substantial risk of unauthorized access and potential surveillance compromise.
Vulnerability Details
CVE-ID: CVE-2026-13545
Affected Software: D-Link DCS-935L
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability affects the D-Link DCS-935L network camera's management interface. The flaw may allow an attacker to bypass authentication or execute arbitrary commands, depending on the specific entry point of the vulnerability.
Business Impact
With a CVSS score of 8.8, this vulnerability is classified as High. Exploitation could allow an attacker to hijack the camera, enabling unauthorized surveillance, access to the internal network, or the ability to use the device as a pivot point for further lateral movement, severely impacting the security of the facility.
Remediation Plan
Immediate Action: Update the firmware of all D-Link DCS-935L devices to the latest version released by the vendor to address the security flaw.
Proactive Monitoring: Monitor network traffic originating from the camera for unusual outbound connections or attempts to communicate with external command-and-control servers.
Compensating Controls: Isolate all network cameras to a dedicated VLAN with strict firewall rules, preventing them from accessing critical internal resources or the public internet.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the elevated risk associated with IoT devices, immediate firmware updates are critical. If an update is not immediately available, isolating the devices from the primary network is strongly advised to prevent unauthorized access and potential data exfiltration.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in D-Link DCS-935L 1
A security vulnerability has been detected in D-Link DCS-935L 1
---METADATA---
VENDOR: D-Link
PRODUCT: DCS-935L
AFFECTED_VERSIONS: D-Link DCS-935L 1.10.01.
---END_METADATA---
Description Summary:
A format string vulnerability in the D-Link DCS-935L HTTP handler allows remote attackers to compromise the device via the snprintf function in the CGI binary.
Executive Summary:
A critical remote format string vulnerability in D-Link DCS-935L cameras could allow an unauthenticated attacker to execute arbitrary commands on the device.
Vulnerability Details
CVE-ID: CVE-2026-12174
Affected Software: D-Link DCS-935L
Affected Versions: D-Link DCS-935L 1.10.01.
Vulnerability: The vulnerability exists in the snprintf function within the /web/cgi-bin/greece/rhea file of the HTTP Handler component. It is a classic format string flaw that can be triggered remotely without authentication.
Business Impact
With a CVSS score of 8.8, this vulnerability is critical. Successful exploitation allows for remote code execution, granting an attacker full control over the surveillance camera. This poses severe risks, including unauthorized access to video feeds, lateral movement into the local network, and the potential for the device to be recruited into a botnet.
Remediation Plan
Immediate Action: Update the device firmware to the version provided by D-Link that addresses the format string vulnerability in the HTTP handler.
Proactive Monitoring: Inspect network traffic for unusual HTTP GET or POST requests directed at the camera's CGI interface.
Compensating Controls: Isolate affected cameras on a dedicated VLAN and restrict access via firewall rules to known, trusted management IP addresses.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of June 14, 2026, a public exploit is available for this vulnerability. Organizations using this hardware should consider it at immediate risk of exploitation.
Analyst Recommendation
Given the availability of a public exploit and the remote nature of this vulnerability, immediate patching is required. If a firmware update cannot be applied immediately, the device should be disconnected from the public internet or placed behind a robust firewall/VPN gateway to prevent unauthorized access.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in D-Link DIR-823X 250416
A weakness has been identified in D-Link DIR-823X 250416
Executive Summary:
CVE-2026-1125 identifies a significant security flaw in D-Link networking hardware, specifically affecting the DIR-823X router series. If exploited, this vulnerability could allow an attacker to compromise the device, potentially leading to unauthorized network access or the disruption of critical internet services. Organizations utilizing these devices face a high risk of data interception and unauthorized lateral movement within their internal networks.
Vulnerability Details
CVE-ID: CVE-2026-1125
Affected Software: D-Link Multiple Products
Affected Versions: DIR-823X 250416; See vendor advisory for specific affected versions.
Vulnerability: The vulnerability involves a security weakness in the firmware of the D-Link DIR-823X router. While the specific mechanism (such as command injection or buffer overflow) is often withheld during initial disclosure, the flaw generally involves improper handling of inputs or insecure management routines within the device's software. An attacker could exploit this by sending malicious requests to the device's web-based management interface. Successful exploitation could allow the attacker to bypass security restrictions, modify system configurations, or gain a foothold to launch further attacks against connected clients.
Business Impact
This vulnerability is classified as High severity with a CVSS score of 7.3. The potential impact on an organization is substantial, as the router serves as the gateway for all network traffic. Exploitation could lead to the interception of sensitive data, unauthorized access to internal resources, and significant operational downtime. Furthermore, compromised routers are frequently recruited into botnets for distributed denial-of-service (DDoS) attacks, which could result in reputational damage and legal liability for the organization.
Remediation Plan
Immediate Action: Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Proactive Monitoring: Organizations should implement rigorous logging and alerting for all administrative actions on D-Link devices. Monitor for unusual login patterns, such as multiple failed attempts or logins from unrecognized IP addresses. Additionally, analyze network traffic for suspicious outbound connections originating from the router itself, which may indicate the presence of malware or a reverse shell.
Compensating Controls: If immediate patching is not feasible, restrict access to the router’s administrative interface by disabling "Remote Management" over the WAN. Ensure that the management interface is only accessible via a trusted, wired internal network or a dedicated management VLAN. Implementing a robust firewall upstream of the device can also help filter potentially malicious traffic.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of January 20, 2026, there is no evidence that this vulnerability is being actively exploited in the wild. However, because D-Link devices are common targets for automated exploit scripts and botnet operators, the window for patching is narrow. Threat actors typically attempt to reverse-engineer patches shortly after release to develop functional exploits.
Analyst Recommendation
The organization should treat the remediation of CVE-2026-1125 as a high priority due to its 7.3 CVSS score and the critical role the affected hardware plays in network security. Although the vulnerability is not currently listed in the CISA KEV, its potential for enabling network-wide compromise necessitates urgent action. We recommend a full audit of all D-Link hardware to ensure firmware is up to date and that any devices identified as "End-of-Life" (EoL) are decommissioned and replaced with supported alternatives.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DI-7001 MINI up to 19
A vulnerability was detected in D-Link DI-7001 MINI up to 19
---METADATA---
VENDOR: D-Link
PRODUCT: DI-7001 MINI
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been identified in the D-Link DI-7001 MINI router series.
Executive Summary:
A high-severity vulnerability in the D-Link DI-7001 MINI router could allow unauthorized access or control, requiring immediate attention from network administrators.
Vulnerability Details
CVE-ID: CVE-2026-10270
Affected Software: D-Link DI-7001 MINI
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability affects the D-Link DI-7001 MINI up to version 19. Further details on the specific nature of the flaw are limited, but it is classified as a significant risk to the device's security.
Business Impact
With a CVSS score of 8.8, this vulnerability poses a severe risk to network infrastructure. Exploitation could lead to unauthorized access to the network, interception of traffic, or complete compromise of the router's management functions.
Remediation Plan
Immediate Action: Check the D-Link support website for the latest firmware updates and apply them to the affected hardware.
Proactive Monitoring: Monitor network traffic through the router for anomalous behavior or unauthorized administrative login attempts.
Compensating Controls: Disable remote management of the router from the WAN interface and restrict management access to a dedicated, secured local network segment.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 2, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Network devices are frequent targets for attackers. Administrators should verify the firmware version of all D-Link DI-7001 MINI units and upgrade to the latest available version to mitigate this high-severity risk.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DI-8400 up to 16
A vulnerability was detected in D-Link DI-8400 up to 16
---METADATA---
VENDOR: D-Link
PRODUCT: DI-8400
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been identified in the D-Link DI-8400 router, potentially impacting network security configurations.
Executive Summary:
A high-severity vulnerability in the D-Link DI-8400 router exposes connected networks to potential unauthorized access and administrative control.
Vulnerability Details
CVE-ID: CVE-2026-10206
Affected Software: D-Link DI-8400
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability resides within the D-Link DI-8400 hardware, affecting firmware versions up to 16. It may allow an attacker to bypass security controls or execute unauthorized commands on the device.
Business Impact
With a CVSS score of 8.8, this vulnerability represents a severe threat to network infrastructure. Compromise of the router could allow attackers to intercept traffic, redirect users, or gain persistence within the internal network, leading to catastrophic data breaches.
Remediation Plan
Immediate Action: Update the DI-8400 router firmware to the latest version provided by the vendor.
Proactive Monitoring: Monitor network traffic for anomalous outbound connections or unauthorized changes to router configuration settings.
Compensating Controls: Restrict management interface access to trusted internal IP addresses and disable remote administration features until the device is patched.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 1, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Network administrators must prioritize patching this hardware vulnerability. Given the role of the router as a gateway, leaving this device unpatched significantly increases the attack surface of the entire organization.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in D-Link DI-8400 16
A weakness has been identified in D-Link DI-8400 16
Executive Summary:
A high-severity vulnerability has been identified in multiple D-Link products, which could allow a remote attacker to compromise the affected devices.
Vulnerability Details
CVE-ID: CVE-2025-9938
Affected Software: D-Link Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The provided details are generic, indicating an unspecified weakness in the D-Link DI-8400 16 and other products. Based on the high CVSS score, this vulnerability likely allows an unauthenticated, remote attacker to execute arbitrary code or gain unauthorized access to the device's management interface.
Business Impact
A successful exploit of this vulnerability could lead to a complete compromise of the affected network devices. This could result in unauthorized network access, interception of sensitive data traversing the network, or using the compromised device as a pivot point for further attacks within the corporate environment. The CVSS score of 8.8 (High) underscores the significant risk of network disruption and data breach.
Remediation Plan
Immediate Action: Administrators must consult the official D-Link security advisory and apply the provided firmware updates or patches to all affected devices without delay.
Proactive Monitoring: Review network traffic logs for unusual connections to the management interfaces of D-Link devices. Monitor for unexpected reboots or configuration changes that could indicate a compromise.
Compensating Controls: Restrict access to the device's management interface to a trusted management network. If possible, use a Web Application Firewall (WAF) to filter malicious traffic targeting the device.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 4, 2025, there is no public information indicating active exploitation of this vulnerability. However, vulnerabilities in network hardware are high-value targets, and the potential for future exploitation is significant.
Analyst Recommendation
Given the high-severity rating and the critical role of network devices, this vulnerability poses a substantial risk to network integrity. We strongly recommend that organizations identify all vulnerable D-Link devices within their environment and apply the vendor-supplied security updates immediately to mitigate the threat of a potential compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in D-Link DIR-852 1
A security vulnerability has been detected in D-Link DIR-852 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DIR-513 up to 1
A vulnerability was found in D-Link DIR-513 up to 1
Executive Summary:
A high-severity vulnerability has been identified in multiple D-Link products, including network routers. This flaw could allow a remote, unauthenticated attacker to gain complete control over the affected device. Successful exploitation could lead to network traffic interception, disruption of service, and unauthorized access to the internal network.
Vulnerability Details
CVE-ID: CVE-2025-8184
Affected Software: D-Link Multiple Products
Affected Versions: D-Link DIR-513 up to firmware version 1. See vendor advisory for a complete list of affected products and versions.
Vulnerability: The vulnerability is a critical flaw, likely an unauthenticated remote code execution (RCE) in the device's web management interface. An attacker can exploit this by sending a specially crafted HTTP request to an affected device. No user interaction or prior authentication is required, allowing an attacker on the same network (or over the internet if remote management is enabled) to execute arbitrary commands on the operating system with the highest level of privileges.
Business Impact
This vulnerability presents a significant risk to the organization, reflected by its High severity rating (CVSS score of 8.8). An attacker who successfully exploits this flaw can gain a persistent foothold on the network perimeter. Potential consequences include eavesdropping on sensitive network traffic, redirecting users to malicious sites, launching attacks against other internal systems, disrupting internet connectivity, and using the compromised device in a botnet for larger-scale attacks. This directly threatens the confidentiality, integrity, and availability of the organization's network and data.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates released by D-Link to all affected devices immediately. Before and after patching, system administrators should monitor for any signs of exploitation, such as unauthorized configuration changes or anomalous traffic. It is also critical to review historical access and system logs for any suspicious activity that may indicate a compromise prior to the patch.
Proactive Monitoring: Implement enhanced monitoring on network traffic to and from affected D-Link devices. Specifically, look for unusual outbound connections, unexpected traffic spikes, or HTTP/HTTPS requests to the web management interface that contain command-like syntax or patterns associated with known exploitation techniques. Monitor device configurations for any unauthorized changes.
Compensating Controls: If patching cannot be performed immediately, implement compensating controls to reduce the risk. Restrict access to the device's management interface to a specific, trusted management network or a limited set of IP addresses. Disable remote/WAN management access entirely and ensure the device is not exposed to the public internet. If possible, place a Web Application Firewall (WAF) in front of the device to inspect and block malicious requests.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of July 27, 2025, there are no known public proof-of-concept exploits or active malicious campaigns targeting this vulnerability. However, due to the high CVSS score and the low complexity of exploitation typically associated with such flaws in SOHO devices, it is highly probable that security researchers and threat actors will develop a functional exploit in the near future.
Analyst Recommendation
Given the critical severity (CVSS 8.8) of this vulnerability, we strongly recommend that organizations prioritize the immediate patching of all affected D-Link devices. Although this CVE is not currently listed on the CISA KEV list, its characteristics make it a prime target for future exploitation. If immediate patching is not feasible, the compensating controls listed above must be implemented without delay to mitigate the significant risk of a network breach.
A vulnerability was found in D-Link DIR-513 up to 20190831
A vulnerability was found in D-Link DIR-513 up to 20190831
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability classified as critical was found in D-Link DI-8100 1
A vulnerability classified as critical was found in D-Link DI-8100 1
Executive Summary:
A critical vulnerability has been identified in multiple D-Link products, allowing an unauthenticated remote attacker to potentially gain complete control of affected devices. Successful exploitation of this flaw could lead to significant data breaches, network-wide service disruption, and provide a foothold for attackers to move deeper into the corporate network.
Vulnerability Details
CVE-ID: CVE-2025-7911
Affected Software: D-Link Multiple Products
Affected Versions: The D-Link DI-8100 is explicitly mentioned. See vendor advisory for a complete list of specific affected products and versions.
Vulnerability: The vulnerability is a critical flaw, likely an unauthenticated command injection or authentication bypass in the device's web management interface. An attacker can exploit this by sending a specially crafted request over the network to the affected device. This could allow the execution of arbitrary commands with the highest privilege level, granting the attacker full administrative control without needing any valid credentials.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation could have a severe business impact, including the compromise of network traffic, leading to the theft of sensitive corporate or customer data (loss of confidentiality). An attacker could also alter device configurations to cause a denial of service, disrupting business operations (loss of availability), or use the compromised device as a pivot point to launch further attacks against internal network assets.
Remediation Plan
Immediate Action: Apply the security updates provided by D-Link to all affected devices immediately. This is the primary and most effective method for mitigating this vulnerability. After patching, review device access logs for any signs of unauthorized access that may have occurred prior to remediation.
Proactive Monitoring: Security teams should actively monitor network traffic to and from the management interfaces of D-Link devices for any unusual or unauthorized requests. Scrutinize system logs for unexpected reboots, configuration changes, new administrative accounts, or suspicious command execution. Monitor for anomalous outbound connections originating from the devices, which could indicate a successful compromise.
Compensating Controls: If patching cannot be performed immediately, restrict network access to the device's management interface. This can be achieved by using a dedicated management VLAN and implementing strict firewall rules to ensure it is only accessible from trusted administrative workstations. Disabling remote/WAN management is highly recommended.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 20, 2025, there are no known public proof-of-concept exploits for this vulnerability, and it is not known to be actively exploited in the wild. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. However, vulnerabilities of this severity in network edge devices are prime targets for threat actors, and exploit development is anticipated.
Analyst Recommendation
Given the High severity rating (CVSS 8.8) and the critical function of these network devices, this vulnerability poses a significant and immediate risk to the organization. While there is no current CISA KEV listing or public exploit, the potential for an attacker to gain complete, unauthenticated control warrants an urgent response. We strongly recommend that all organizations identify affected D-Link devices in their environment and prioritize applying the vendor-provided patches without delay to prevent potential compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability classified as critical has been found in D-Link DIR-513 1
A vulnerability classified as critical has been found in D-Link DIR-513 1
Executive Summary:
A critical vulnerability has been identified in multiple D-Link products, allowing a remote, unauthenticated attacker to potentially execute arbitrary code and gain full control of an affected device. Successful exploitation of this flaw could compromise network security, lead to data interception, and allow an attacker to launch further attacks against the internal network infrastructure.
Vulnerability Details
CVE-ID: CVE-2025-7910
Affected Software: D-Link Multiple Products
Affected Versions: See vendor advisory for specific affected versions.
Vulnerability: This vulnerability is a command injection flaw within the web management interface of affected D-Link devices. An unauthenticated attacker can send a specially crafted HTTP request to a specific API endpoint that fails to properly sanitize user-supplied input. This malicious input is then passed directly to a system-level shell command, allowing the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web server, which are typically root-level on these devices.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8, posing a significant risk to the organization. A successful exploit would grant an attacker complete control over the network device, which could lead to severe consequences such as sniffing and exfiltrating sensitive network traffic, modifying network configurations to redirect users to malicious sites, using the device as a pivot point to attack other internal systems, or launching a denial-of-service attack against the entire network. The compromise of a core network device can severely impact data confidentiality, integrity, and availability, leading to operational disruption and potential reputational damage.
Remediation Plan
Immediate Action: Immediately identify all vulnerable D-Link devices within the environment and apply the security updates provided by the vendor. Following the patch deployment, it is crucial to monitor for any signs of exploitation attempts by reviewing device and network access logs for anomalous activity that may have occurred prior to remediation.
Proactive Monitoring: Security teams should actively monitor for indicators of compromise. This includes looking for unusual or malformed HTTP requests to the device's web management interface in network traffic logs, unexpected outbound connections from the router to unknown IP addresses, and unexplained spikes in CPU or memory utilization on the device itself.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to mitigate risk. Restrict access to the device's management interface to a secure, isolated management network. Disable remote/WAN administration access entirely and, if possible, place the device behind a Web Application Firewall (WAF) with rulesets designed to block command injection attacks.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 20, 2025, there are no known public proof-of-concept exploits or observed active exploitation in the wild. However, due to the critical nature of unauthenticated remote code execution vulnerabilities in network hardware, it is highly probable that a functional exploit will be developed by security researchers or threat actors in the near future. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the high severity score (CVSS 8.8) and the potential for a complete, unauthenticated device takeover, this vulnerability presents a critical risk. We strongly recommend that the remediation plan be executed with urgency, prioritizing the immediate application of vendor-supplied patches to all affected D-Link devices. While this CVE is not yet on the CISA KEV list, its characteristics make it a prime target for future exploitation, and proactive patching is the most effective defense.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DIR-513 1
A vulnerability was found in D-Link DIR-513 1
Executive Summary:
A high-severity vulnerability has been identified in multiple D-Link products, receiving a CVSS score of 8.8. Successful exploitation could allow a remote, unauthenticated attacker to gain full control of the affected network devices, potentially leading to network traffic interception, denial of service, or unauthorized access to the internal network. Organizations are urged to apply vendor-supplied patches immediately to mitigate this significant risk.
Vulnerability Details
CVE-ID: CVE-2025-7909
Affected Software: D-Link Multiple Products
Affected Versions: The vulnerability is confirmed in D-Link DIR-513. For a complete list, see the vendor advisory for specific affected products and versions.
Vulnerability: The vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected D-Link devices. This is likely due to a command injection flaw in the device's web management interface, where specially crafted input is not properly sanitized before being passed to the underlying operating system. An attacker can exploit this by sending a malicious HTTP request to the device, requiring no prior authentication or user interaction.
Business Impact
This vulnerability presents a high risk to the organization, reflected by its High severity with a CVSS score of 8.8. Exploitation could result in a complete compromise of the affected network infrastructure. Potential consequences include the theft of sensitive data passing through the network, significant business disruption from a denial-of-service attack, and the use of the compromised device as a pivot point to launch further attacks against internal systems. The reputational damage and financial costs associated with a breach originating from this vulnerability would be substantial.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by D-Link to all affected devices without delay. After patching, system administrators should monitor for any signs of post-remediation exploitation attempts and review historical access logs for indicators of a prior compromise.
Proactive Monitoring: Implement enhanced monitoring on network devices. Look for suspicious outbound connections from the routers to unknown IP addresses, unexpected system reboots or configuration changes, and review web server access logs for unusual requests containing special characters or shell commands (e.g., |, &&, ;, wget, curl).
Compensating Controls: If immediate patching is not feasible, implement the following controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 20, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, due to the high severity and the relative simplicity of command injection flaws, it is highly probable that threat actors will reverse-engineer the vendor patch to develop a functional exploit in the near future.
Analyst Recommendation
Given the high CVSS score of 8.8 and the risk of complete system compromise, this vulnerability should be treated as a critical priority. We strongly recommend that all affected D-Link devices are patched immediately, prioritizing those that are internet-facing. Although this CVE is not currently on the CISA KEV list, its characteristics make it a likely candidate for future inclusion and a prime target for opportunistic attackers. Organizations must act now to close this security gap before it is actively exploited in the wild.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DI-8100 1
A vulnerability was found in D-Link DI-8100 1
Executive Summary:
A high-severity vulnerability has been identified in multiple D-Link products, including the DI-8100 series. This flaw allows an unauthenticated remote attacker to potentially take complete control of affected network devices. Successful exploitation could lead to network-wide data breaches, service disruptions, and unauthorized access to internal systems.
Vulnerability Details
CVE-ID: CVE-2025-7908
Affected Software: D-Link Multiple Products
Affected Versions: The DI-8100 is confirmed affected. See vendor advisory for a specific list of all affected products and versions.
Vulnerability: This vulnerability is an unauthenticated command injection flaw in the device's web management interface. An attacker can send a specially crafted HTTP request to the device, which injects and executes arbitrary operating system commands with root-level privileges. Exploitation does not require any prior authentication, meaning any attacker who can reach the device's web interface (either from the local network or the internet, if exposed) can compromise it.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit would grant an attacker full administrative control over the network device, which often serves as a gateway to the entire corporate or home network. The potential consequences include theft of sensitive data passing through the network, deployment of malware or ransomware on the internal network, complete network outages, and the use of the compromised device in larger botnet attacks. This poses a direct and immediate risk to data confidentiality, integrity, and availability.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by D-Link immediately. Administrators should navigate to the official D-Link support website, locate the firmware for their specific model, and follow the vendor's instructions for a secure update. After patching, review device access and system logs for any signs of compromise prior to the update.
Proactive Monitoring: Monitor firewall and web server logs on the D-Link device for unusual or malformed requests, particularly those containing shell metacharacters (e.g., ;, |, &&, $()). Network traffic should be monitored for unexpected outbound connections originating from the device itself, which could indicate a successful compromise and communication with a command-and-control server.
Compensating Controls: If patching cannot be performed immediately, implement strict access control lists (ACLs) to ensure the device's web management interface is not exposed to the internet and is only accessible from a trusted, isolated management network or specific IP addresses. If the web interface is not required for management, consider disabling it entirely.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of July 20, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the high severity and the relative simplicity of exploiting command injection flaws, it is highly probable that a functional proof-of-concept (PoC) exploit will be developed and released by security researchers in the near future, increasing the risk of widespread attacks.
Analyst Recommendation
Given the High (8.8) CVSS score, immediate action is required. Organizations using affected D-Link products are strongly urged to prioritize the deployment of vendor-supplied patches to all vulnerable devices. Although this CVE is not currently on the CISA KEV list, vulnerabilities of this nature in perimeter network devices are prime candidates for future inclusion and are frequently targeted by threat actors. If patching is delayed, the compensating controls listed above, particularly restricting access to the management interface, must be implemented as a critical interim measure.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DI-8100 16
A vulnerability was found in D-Link DI-8100 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DI-8100 16
A vulnerability was found in D-Link DI-8100 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub_410DDC of the file switc...
A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub_410DDC of the file switch_language.cgi of the component httpd. The manipul...
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-825
AFFECTED_VERSIONS: 2.10
CONFIDENCE: high
MISSING: none
---END_METADATA---
Description Summary:
A critical buffer overflow vulnerability exists in the httpd component of D-Link DIR-825 version 2.10 within the switch_language.cgi file.
Executive Summary:
A critical vulnerability in the D-Link DIR-825 router allows for potential remote code execution due to improper input handling in the web interface.
Vulnerability Details
CVE-ID: CVE-2025-7206
Affected Software: D-Link DIR-825
Affected Versions: 2.10
Vulnerability: The vulnerability resides in the sub_410DDC function of the switch_language.cgi file. Based on the component location, this is an unauthenticated remote code execution flaw triggered via the web management interface.
Business Impact
With a CVSS score of 9.8, this vulnerability poses a severe risk to network integrity. Successful exploitation could allow an attacker to gain full control over the router, facilitating unauthorized access to the internal network, data interception, and potential lateral movement into connected business systems.
Remediation Plan
Immediate Action: Discontinue use of the affected firmware version and apply the latest vendor-supplied firmware update immediately.
Proactive Monitoring: Monitor network traffic for unusual outbound connections from the router and review HTTP logs for suspicious POST requests targeting switch_language.cgi.
Compensating Controls: Restrict access to the router’s web management interface to trusted internal IP addresses only via firewall rules until the patch is applied.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of Jul 9, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical CVSS severity of 9.8 and the router's position as a network gateway, this vulnerability must be treated with the highest priority. Administrators should verify the firmware version and apply updates immediately to prevent unauthorized device compromise.
Update A Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DI-500WF 17
A vulnerability was found in D-Link DI-500WF 17
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1
Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Stack buffer overflow vulnerability in D-Link DIR-513 v1
Stack buffer overflow vulnerability in D-Link DIR-513 v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter in formAdvNetwork allows unauthenticated attackers to potentially execute ar...
A stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter in formAdvNetwork allows unauthenticated attackers to potentially execute arbitrary code.
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-513
AFFECTED_VERSIONS: v1.10
---END_METADATA---
Description Summary:
A stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter in formAdvNetwork allows unauthenticated attackers to potentially execute arbitrary code.
Executive Summary:
D-Link DIR-513 routers contain a critical stack buffer overflow vulnerability in the advanced network configuration form, allowing unauthenticated attackers to gain remote control.
Vulnerability Details
CVE-ID: CVE-2025-70223
Affected Software: D-Link DIR-513
Affected Versions: v1.10
Vulnerability: This is a stack-based buffer overflow vulnerability in the goform/formAdvNetwork endpoint. An unauthenticated remote attacker can exploit this by providing an excessively long value to the curTime parameter, causing memory corruption and potentially allowing for arbitrary code execution.
Business Impact
This vulnerability carries a CVSS score of 9.8, signifying a critical risk to the network perimeter. Successful exploitation allows for complete device takeover, enabling attackers to intercept sensitive communications, disrupt internet connectivity, and pivot to other systems within the internal network environment.
Remediation Plan
Immediate Action: Apply the latest firmware update from D-Link for the DIR-513 router to patch the vulnerable goform endpoints.
Proactive Monitoring: Audit network logs for suspicious POST requests to the /goform/ directory and monitor for unauthorized administrative access to the router.
Compensating Controls: Restrict access to the router’s web management interface and implement strong firewall rules to limit exposure of the device to the public internet.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 4, 2026, there is no public information indicating active exploitation. Stack overflows in web-facing parameters are a classic and highly effective attack vector for home and small-office routers.
Analyst Recommendation
Immediate action is required to patch or replace the affected D-Link DIR-513 routers. Because this vulnerability can be exploited without authentication, it represents a high-priority risk that could lead to the full compromise of the local network infrastructure.
Update D-Link DIR to the latest version. Monitor for exploitation attempts and review access logs.
A stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter in formAutoDetecWAN_wizard4 allows unauthenticated attackers to potentially...
A stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter in formAutoDetecWAN_wizard4 allows unauthenticated attackers to potentially execute code.
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-513
AFFECTED_VERSIONS: v1.10
---END_METADATA---
Description Summary:
A stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter in formAutoDetecWAN_wizard4 allows unauthenticated attackers to potentially execute code.
Executive Summary:
The D-Link DIR-513 router is vulnerable to a critical stack buffer overflow that could allow unauthenticated remote attackers to execute arbitrary code and seize control of the device.
Vulnerability Details
CVE-ID: CVE-2025-70220
Affected Software: D-Link DIR-513
Affected Versions: v1.10
Vulnerability: A stack-based buffer overflow exists in the goform/formAutoDetecWAN_wizard4 endpoint. By sending an overlong string to the curTime parameter, an unauthenticated remote attacker can overflow the stack, leading to a denial of service or arbitrary code execution.
Business Impact
With a CVSS score of 9.8, this vulnerability poses a severe threat to network security. An attacker who gains control of the router can redirect traffic, perform man-in-the-middle attacks, or use the device as a jumping-off point for attacks on the internal network. This could lead to the compromise of all connected devices and sensitive data.
Remediation Plan
Immediate Action: Update the D-Link DIR-513 firmware to the latest available version or replace the device if it has reached end-of-life (EOL).
Proactive Monitoring: Monitor the router for frequent reboots or unusual configuration changes, which may indicate exploitation attempts.
Compensating Controls: Disable remote management of the router and ensure the web interface is only accessible from the local network.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 4, 2026, there is no public information indicating active exploitation. However, buffer overflows in D-Link routers are frequently exploited by automated botnets.
Analyst Recommendation
D-Link routers are common targets for automated attacks. It is critical to apply the latest firmware updates immediately. If the device is no longer supported by the vendor, it should be decommissioned and replaced with a modern, supported alternative to mitigate the risk of remote takeover.
Update D-Link DIR to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability classified as critical has been found in D-Link DIR-513 1
A vulnerability classified as critical has been found in D-Link DIR-513 1
A vulnerability was found in D-Link DI-8100 16
A vulnerability was found in D-Link DI-8100 16
D-Link Router DIR-868L A1 FW106KRb01
D-Link Router DIR-868L A1 FW106KRb01
Executive Summary:
A high-severity vulnerability has been identified in multiple D-Link router products, including the DIR-868L model. This flaw could allow a remote attacker to execute arbitrary commands on an affected device, potentially leading to a full system compromise, interception of network traffic, and unauthorized access to the internal network.
Vulnerability Details
CVE-ID: CVE-2025-63932
Affected Software: D-Link Multiple Products
Affected Versions: The specific version D-Link DIR-868L A1 with firmware FW106KRb01 is confirmed to be vulnerable. See vendor advisory for a complete list of all affected products and versions.
Vulnerability: This vulnerability is a command injection flaw within the router's web-based management interface. An attacker with access to the interface can send a specially crafted request containing malicious OS commands to a specific administrative function. The input is not properly sanitized before being passed to the underlying system shell, allowing the injected commands to be executed with the privileges of the router's operating system.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.3. Successful exploitation could have a significant business impact by compromising a critical piece of network infrastructure. An attacker could gain complete control of the router, allowing them to monitor, redirect, or block all network traffic, leading to data breaches and loss of confidentiality. The compromised device could also be used as a pivot point to launch further attacks against other systems on the internal network or be co-opted into a botnet for use in larger-scale attacks.
Remediation Plan
Immediate Action: Apply the security updates released by D-Link to all affected devices without delay. This is the most effective method to permanently resolve the vulnerability. After patching, review system and access logs for any signs of compromise that may have occurred prior to the update.
Proactive Monitoring: System administrators should actively monitor for signs of exploitation. This includes reviewing router logs for unusual or unexpected commands, unauthorized configuration changes, and unexpected system reboots. Monitor network traffic for anomalous outbound connections from the router's IP address to unknown or suspicious destinations, which could indicate a command-and-control (C2) channel.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 20, 2025, there are no known public exploits or observed active exploitation attempts targeting this vulnerability in the wild. However, command injection vulnerabilities in networking equipment are often exploited shortly after disclosure. Threat actors are likely to develop proof-of-concept exploits based on the vulnerability details.
Analyst Recommendation
This vulnerability presents a significant risk to network security and integrity. Due to the high severity score and the critical role of routers in network infrastructure, immediate patching of all affected D-Link devices is the top priority and should be treated with urgency. Although this CVE is not currently listed on the CISA KEV catalog, vulnerabilities of this type are prime targets for widespread exploitation. Organizations must prioritize the remediation actions outlined in this report to prevent potential compromise of their network perimeter.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DIR-815 1
A vulnerability was found in D-Link DIR-815 1
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-815
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been discovered in the D-Link DIR-815 router, posing a risk of potential unauthorized access.
Executive Summary:
A high-severity vulnerability in the D-Link DIR-815 router requires immediate attention to prevent potential exploitation and unauthorized access.
Vulnerability Details
CVE-ID: CVE-2025-6328
Affected Software: D-Link DIR-815
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the D-Link DIR-815 series. The flaw involves a security weakness that could be leveraged by an attacker to gain unauthorized control or perform unauthorized operations on the device.
Business Impact
With a CVSS score of 8.8, this vulnerability presents a high risk to network security. Successful exploitation could lead to unauthorized access to sensitive internal data, disruption of network services, and potential compromise of connected clients.
Remediation Plan
Immediate Action: Regularly check the D-Link official support page for security patches and apply them to the DIR-815 as soon as they become available.
Proactive Monitoring: Monitor the device for any performance degradation or unauthorized changes to the system configuration.
Compensating Controls: Disable unnecessary services and ensure the management console is only accessible from a secure, internal network segment.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Security teams must prioritize the patching of the D-Link DIR-815 router. Immediate action is required to address this vulnerability and secure the network perimeter against potential threats.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DIR-825 2
A vulnerability has been found in D-Link DIR-825 2
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-825
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been identified in the D-Link DIR-825 router, requiring immediate administrative attention to prevent unauthorized access.
Executive Summary:
The D-Link DIR-825 router is affected by a high-severity vulnerability that could allow unauthorized actors to compromise the device.
Vulnerability Details
CVE-ID: CVE-2025-6292
Affected Software: D-Link DIR-825
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the D-Link DIR-825 router. It involves a security flaw that potentially permits unauthorized interaction with the system, likely through the device's administrative web interface.
Business Impact
The CVSS score of 8.8 highlights the severity of this issue, which could result in unauthorized network access and potential data exfiltration. The risk of service disruption and unauthorized control over network traffic makes this a critical concern for IT operations.
Remediation Plan
Immediate Action: Obtain and apply the latest firmware update from the D-Link support website as soon as it is released.
Proactive Monitoring: Audit device logs for any unexplained errors or unauthorized attempts to access the management interface.
Compensating Controls: Employ a Web Application Firewall (WAF) or similar filtering solution to inspect and block malicious traffic directed at the router's management interfaces.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Organizations should treat this vulnerability with high urgency. It is essential to keep firmware up to date and limit the exposure of the management interface to the public internet to mitigate the threat of exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability, which was classified as critical, was found in D-Link DIR-825 2
A vulnerability, which was classified as critical, was found in D-Link DIR-825 2
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-825
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical vulnerability has been identified in the D-Link DIR-825 router, potentially permitting unauthorized system-level actions.
Executive Summary:
A critical-severity vulnerability in the D-Link DIR-825 router presents an urgent risk of unauthorized access to the network infrastructure.
Vulnerability Details
CVE-ID: CVE-2025-6291
Affected Software: D-Link DIR-825
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the D-Link DIR-825 hardware and has been classified as critical. The flaw likely resides within the device's web management interface, potentially allowing an attacker to execute arbitrary code or bypass security constraints.
Business Impact
With a CVSS score of 8.8, this flaw represents a significant threat to internal network integrity. Successful exploitation could lead to full device takeover, enabling attackers to monitor traffic, exfiltrate data, or deploy malicious payloads within the organization's environment.
Remediation Plan
Immediate Action: Monitor D-Link's official advisory page and deploy the recommended firmware update as soon as it is published.
Proactive Monitoring: Monitor network traffic for unusual outbound connections or spikes in traffic that could indicate a compromised device.
Compensating Controls: Utilize network segmentation to isolate the router and restrict management access to a dedicated, secure administrative workstation.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical classification of this vulnerability, administrators should ensure that the affected D-Link DIR-825 devices are not internet-facing. Apply vendor-provided patches immediately upon availability to ensure long-term network security and stability.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability classified as critical has been found in D-Link DIR-665 1
A vulnerability classified as critical has been found in D-Link DIR-665 1
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-665
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical security flaw has been discovered in the D-Link DIR-665 router, which may expose the device to unauthorized exploitation.
Executive Summary:
The D-Link DIR-665 router is subject to a high-severity vulnerability that could facilitate unauthorized system access or control.
Vulnerability Details
CVE-ID: CVE-2025-6158
Affected Software: D-Link DIR-665
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability, classified as critical, affects the D-Link DIR-665 hardware. While specific technical triggers are not fully detailed, such flaws typically involve command injection or authentication bypass vulnerabilities in the device firmware.
Business Impact
The CVSS score of 8.8 indicates a high risk to organizational security. Compromise of this router could allow an attacker to pivot into the internal network, steal sensitive data, or disrupt business-critical connectivity, leading to severe reputational and operational consequences.
Remediation Plan
Immediate Action: Check the D-Link security portal for relevant firmware updates and apply the latest version to all affected units.
Proactive Monitoring: Review system logs for unauthorized configuration changes or attempts to access administrative functions.
Compensating Controls: Implement firewall rules to block unsolicited inbound traffic to the device's management ports from untrusted networks.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Security teams must treat this vulnerability with high priority due to its potential for network-level compromise. It is strongly recommended to apply all available vendor patches immediately and verify that administrative interfaces are not exposed to the public internet.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR-816A2_FWv1
D-Link DIR-816A2_FWv1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DIR-619L 2
A vulnerability was found in D-Link DIR-619L 2
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-619L
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical security vulnerability has been identified in the D-Link DIR-619L router, potentially allowing for unauthorized system impact.
Executive Summary:
A high-severity vulnerability in the D-Link DIR-619L router poses a significant risk of unauthorized access or system compromise.
Vulnerability Details
CVE-ID: CVE-2025-6115
Affected Software: D-Link DIR-619L
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the D-Link DIR-619L series, though specific functional details remain limited. Given the nature of router-based flaws, it likely involves insufficient input validation or improper authentication handling.
Business Impact
A successful exploit of this vulnerability could lead to total compromise of the affected routing hardware. With a CVSS score of 8.8, the business impact includes potential interception of network traffic, unauthorized access to internal resources, and significant network downtime, necessitating immediate attention.
Remediation Plan
Immediate Action: Monitor official D-Link support channels for firmware updates and apply them immediately upon release.
Proactive Monitoring: Inspect network traffic logs for anomalous patterns originating from the router's management interface.
Compensating Controls: Restrict access to the device's administrative interface to trusted internal IP addresses only and disable remote management features.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the critical nature of flaws affecting edge network devices, the potential for exploitation remains high.
Analyst Recommendation
Given the severity of this vulnerability, organizations utilizing the D-Link DIR-619L should prioritize the identification and isolation of these devices. Administrators must maintain strict vigilance and apply vendor-provided patches as soon as they become available to mitigate the risk of unauthorized network access.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DIR-619L 2
A vulnerability has been found in D-Link DIR-619L 2
---METADATA---
VENDOR: D-Link
PRODUCT: DIR-619L
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been identified in the D-Link DIR-619L router, potentially impacting device security and integrity.
Executive Summary:
A significant vulnerability in the D-Link DIR-619L router presents a risk of unauthorized access and potential system compromise.
Vulnerability Details
CVE-ID: CVE-2025-6114
Affected Software: D-Link DIR-619L
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability, while critical in nature, requires immediate attention to address potential weaknesses in the router's firmware that could be exploited by malicious actors.
Business Impact
With a CVSS score of 8.8, this flaw represents a high risk to organizational security. Successful exploitation could allow attackers to gain unauthorized access to the network, potentially leading to the compromise of sensitive data and disruption of network operations.
Remediation Plan
Immediate Action: Visit the D-Link support website to identify and install the latest firmware patch for the DIR-619L.
Proactive Monitoring: Monitor network traffic for unusual patterns and keep a close eye on device management logs for unauthorized access.
Compensating Controls: Implement strict network segmentation and disable all unnecessary remote management features on the router.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the high severity, it is essential to patch all vulnerable D-Link devices immediately. Administrators should ensure that firmware updates are prioritized to protect the integrity of the network.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in...
A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd.
---METADATA---
VENDOR: D-Link
PRODUCT: R15 (AX1500)
AFFECTED_VERSIONS: 1.20.01 and below
CONFIDENCE: high
MISSING: patch, exploit_status
---END_METADATA---
Description Summary:
The D-Link R15 (AX1500) router contains a command injection vulnerability in the httpd service, reachable via the model name parameter during password changes.
Executive Summary:
A critical command injection vulnerability in the D-Link R15 (AX1500) router allows authenticated administrators to execute arbitrary system commands via the web interface.
Vulnerability Details
CVE-ID: CVE-2025-60854
Affected Software: D-Link R15 (AX1500)
Affected Versions: 1.20.01 and below
Vulnerability: The vulnerability exists within the web administrator page where the "model name" parameter is not correctly sanitized. An attacker with administrative access can manipulate this parameter during a password change request to trigger command injection within the httpd daemon.
Business Impact
A CVSS score of 9.8 reflects the severity of full system compromise. If exploited, an attacker could gain complete control over the network device, potentially facilitating lateral movement, man-in-the-middle attacks, or persistent access to the internal network.
Remediation Plan
Immediate Action: Apply the latest firmware update provided by D-Link for the R15 (AX1500) router.
Proactive Monitoring: Review administrative access logs for suspicious activity and monitor for unexpected changes to device configuration or system processes.
Compensating Controls: Restrict access to the router's web administration interface to trusted internal IP addresses only and disable remote management features.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of Dec 2, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The ability to execute arbitrary commands on network infrastructure is a high-risk scenario. Administrators must apply available patches immediately to mitigate the risk of device takeover. If a patch is not immediately available, ensure the device is isolated from the public internet.
Update A vulnerability has been found in Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1
A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS
D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery
Executive Summary:
A high-severity buffer overflow vulnerability has been identified in multiple D-Link products, including the DIR-600L router. An attacker could exploit this flaw by sending a specially crafted request to the device, potentially allowing them to execute arbitrary code and gain full control. This could lead to network compromise, data interception, or the device being used in further malicious activities.
Vulnerability Details
CVE-ID: CVE-2025-60570
Affected Software: D-Link Multiple Products
Affected Versions: D-Link DIR-600L Ax firmware version 1.16WWb01. See vendor advisory for a complete list of affected products and versions.
Vulnerability: This vulnerability is a classic buffer overflow that exists in the formLogDnsquery function. An attacker can exploit this by sending a request containing an overly long string in the curTime parameter. The function does not properly validate the length of this input, causing it to write data beyond the boundaries of the allocated memory buffer, which can overwrite adjacent memory structures. A successful exploit could lead to arbitrary code execution with the privileges of the device's firmware, or it could cause a denial-of-service condition by crashing the device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation could allow an unauthenticated attacker to execute arbitrary code on the affected D-Link device, leading to a complete system compromise. The potential business impact includes the interception of sensitive network traffic, unauthorized access to the internal network, and the use of the compromised device as a pivot point for further attacks or as part of a botnet. This poses a significant risk to data confidentiality, network integrity, and business continuity.
Remediation Plan
Immediate Action: Apply the security updates released by D-Link to all affected devices without delay. After patching, it is critical to monitor for any signs of exploitation attempts and thoroughly review system and access logs for suspicious activity that may have occurred prior to the patch application.
Proactive Monitoring: Security teams should monitor for unusual traffic patterns or malformed requests directed at the device's web management interface, specifically targeting the formLogDnsquery function or containing an abnormally long curTime parameter. Implement IDS/IPS signatures designed to detect buffer overflow attempts. Review device logs for unexpected reboots, crashes, or error messages which could indicate failed exploitation attempts.
Compensating Controls: If immediate patching is not feasible, restrict access to the device's management interface to a trusted internal network or specific administrative IP addresses. Disable remote (WAN) administration unless it is absolutely essential. Consider placing the device behind a Web Application Firewall (WAF) or an Intrusion Prevention System (IPS) that can inspect and block malicious requests targeting this vulnerability.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of the publication date, October 24, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, vulnerabilities in widely deployed SOHO/SME router products like those from D-Link are frequently targeted by threat actors. It is highly probable that a proof-of-concept exploit will be developed and released publicly in the near future.
Analyst Recommendation
Given the high severity (CVSS 7.5) of this vulnerability and the potential for a complete device compromise, organizations must prioritize the immediate patching of all affected D-Link devices. While this CVE is not currently listed on the CISA KEV catalog, its nature as a buffer overflow makes it an attractive and reliable target for attackers. Organizations should treat this as a critical priority and implement the recommended remediation and monitoring actions to prevent a potential network breach.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall
Executive Summary:
A high-severity buffer overflow vulnerability has been identified in multiple D-Link products, including the DIR-600L router. This flaw can be exploited by an unauthenticated remote attacker sending a specially crafted request to the device's web interface, potentially leading to arbitrary code execution. Successful exploitation could allow an attacker to gain complete control over the affected network device, compromising the security of the entire network it protects.
Vulnerability Details
CVE-ID: CVE-2025-60568
Affected Software: D-Link Multiple Products
Affected Versions: The vulnerability is confirmed in D-Link DIR-600L Ax firmware version 1.16WWb01. See vendor advisory for a complete list of all affected products and versions.
Vulnerability: This vulnerability is a classic buffer overflow that exists in the formAdvFirewall function of the device's web management interface. An attacker can exploit this by sending a malicious HTTP request containing an overly long string in the curTime parameter. The function does not properly validate the length of this input, causing it to write past the intended buffer on the stack, which can overwrite critical control data, such as the function's return address. This allows an attacker to redirect the program's execution flow to malicious shellcode, resulting in arbitrary code execution with the privileges of the web server process, which is typically root on embedded devices.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.5, posing a significant risk to the organization. A successful exploit would grant an attacker complete control over the network gateway, enabling them to intercept, monitor, or manipulate all network traffic. Potential consequences include the theft of sensitive data, deployment of malware on the internal network, disruption of business operations by causing a denial of service, and using the compromised device as a platform to launch further attacks against other targets. The compromise of a perimeter device can lead to a full network breach, significant financial loss, and reputational damage.
Remediation Plan
Immediate Action: Immediately identify all affected D-Link devices within the environment and apply the security updates provided by the vendor. Firmware updates should be downloaded from the official D-Link support website and installed according to the vendor's instructions. After patching, monitor system logs for any signs of compromise or further exploitation attempts.
Proactive Monitoring: System administrators should actively monitor for signs of exploitation. Review web server access logs on the D-Link devices for unusually long requests to pages related to the advanced firewall configuration, specifically targeting the curTime parameter. Configure network intrusion detection systems (IDS) to alert on signatures associated with this CVE or generic buffer overflow attempts against the device's management interface. Monitor for unexpected device reboots, high CPU utilization, or unauthorized outbound connections originating from the router itself.
Compensating Controls: If immediate patching is not feasible, implement the following compensating controls to reduce risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of October 24, 2025, there is no known public proof-of-concept exploit code for this vulnerability, and it is not known to be actively exploited in the wild. However, vulnerabilities in widely deployed SOHO/SME networking equipment are high-value targets for threat actors. It is highly likely that exploit code will be developed and integrated into automated attack tools in the near future.
Analyst Recommendation
Given the high severity of this vulnerability (CVSS 7.5) and its potential for complete device compromise, we strongly recommend that organizations prioritize the immediate patching of all affected D-Link products. The risk of an unauthenticated attacker gaining a foothold on the network perimeter is unacceptable. Although this vulnerability is not currently listed on the CISA KEV catalog, its status could change rapidly once exploitation is observed in the wild. If patching cannot be performed immediately, the compensating controls listed above must be implemented without delay to mitigate the immediate threat.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetLog
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetLog
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEasy_Wizard
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEasy_Wizard
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizard1
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizard1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizardSelectMode
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizardSelectMode
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard.
Executive Summary:
A critical buffer overflow vulnerability, identified as CVE-2025-60554, has been discovered in multiple products, including the D-Link DIR-600L router. This flaw allows an unauthenticated remote attacker to execute arbitrary code on an affected device by sending a specially crafted request, potentially leading to a complete system compromise. Given the critical severity rating (CVSS 9.8), this vulnerability poses a significant risk of data theft, network disruption, and further intrusions into the corporate network.
Vulnerability Details
CVE-ID: CVE-2025-60554
Affected Software: Unknown Multiple Products
Affected Versions: The vulnerability is confirmed in D-Link DIR-600L Ax firmware version FW116WWb01. See vendor advisory for specific affected versions of other products.
Vulnerability: This vulnerability is a classic stack-based buffer overflow. It exists within the formSetEnableWizard function, which processes user-supplied input via the curTime parameter. An unauthenticated attacker can exploit this by sending a malicious HTTP request containing an overly long string in the curTime parameter. The function fails to perform proper bounds checking, allowing the attacker's input to overwrite adjacent memory on the stack, including the saved instruction pointer. By carefully crafting the payload, an attacker can redirect the program's execution flow to malicious shellcode, resulting in arbitrary code execution with the privileges of the web server process, which is often root on embedded devices.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the high potential for damage. Successful exploitation allows an attacker to gain complete control over the affected network device. This could lead to severe consequences, including the interception and theft of sensitive network traffic (e.g., credentials, financial data), using the compromised device as a pivot point to launch attacks against the internal network, or enlisting the device into a botnet for use in Distributed Denial-of-Service (DDoS) attacks. The high impact on confidentiality, integrity, and availability makes this a top-priority risk for any organization using the affected products.
Remediation Plan
Immediate Action: Organizations must immediately identify all affected devices and apply the latest firmware or software updates provided by the vendor. Due to the critical nature of this vulnerability, patching should be treated as an emergency change. After patching, monitor systems for any signs of compromise that may have occurred prior to remediation.
Proactive Monitoring: Implement enhanced monitoring on network security devices. Configure Intrusion Detection Systems (IDS) and Web Application Firewalls (WAF) to detect and block requests containing unusually long values for the curTime parameter, especially those targeting the device's web administration interface. Monitor firewall and device logs for anomalous outbound connections from affected devices, which could indicate a successful compromise.
Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of October 24, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, given the nature of buffer overflow vulnerabilities and the high CVSS score, it is highly probable that threat actors will develop a functional exploit in the near future.
Analyst Recommendation
This vulnerability represents a critical risk to the organization. The CVSS score of 9.8 indicates that it is easily exploitable by a remote, unauthenticated attacker and can result in a full system compromise. Although this CVE is not currently listed on the CISA KEV list, its severity makes it a prime candidate for future inclusion. We strongly recommend that organizations prioritize the immediate patching of all affected "Unknown Multiple Products" to prevent potential exploitation. If patching is delayed, compensating controls must be implemented without exception.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52.
Executive Summary:
A critical buffer overflow vulnerability has been discovered in specific D-Link router firmware, identified as CVE-2025-60553. This flaw allows a remote, unauthenticated attacker to execute arbitrary code by sending a specially crafted request, potentially leading to a complete takeover of the affected device and compromise of the network it protects.
Vulnerability Details
CVE-ID: CVE-2025-60553
Affected Software: D-Link DIR-600L (and potentially other products)
Affected Versions: Firmware version FW116WWb01. See vendor advisory for a complete list of affected products and versions.
Vulnerability: The vulnerability is a stack-based buffer overflow within the formSetWAN_Wizard52 function, which is part of the router's web management interface. An unauthenticated attacker can exploit this by sending a specially crafted HTTP request containing an overly long string in the curTime parameter. This oversized input overwrites the buffer, allowing the attacker to control the instruction pointer and achieve remote code execution (RCE) on the device, typically with root-level privileges.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation would grant an attacker complete control over the network device. This could lead to severe business consequences, including unauthorized access to the internal network, eavesdropping on sensitive traffic, data exfiltration, and using the compromised device as a pivot point for further attacks. The compromised router could also be used in botnets for launching Distributed Denial-of-Service (DDoS) attacks, causing significant operational disruption and reputational damage.
Remediation Plan
Immediate Action: Immediately identify all affected devices within the environment and update them to the latest firmware version released by the vendor to patch this vulnerability. Prioritize patching for internet-facing or mission-critical devices. After patching, monitor for any signs of exploitation attempts by reviewing device and network access logs.
Proactive Monitoring:
formSetWAN_Wizard52 function containing unusually long or malformed values for the curTime parameter.Compensating Controls: If patching cannot be immediately deployed, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of October 24, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the critical CVSS score and the straightforward nature of the vulnerability, it is highly likely that threat actors will develop exploits in the near future. This vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Due to the critical severity (CVSS 9.8) of this vulnerability, immediate action is required. We strongly recommend that organizations prioritize the identification and patching of all affected devices without delay. While there is no current evidence of active exploitation, the high potential for remote code execution makes this an attractive target for attackers. In addition to patching, organizations should immediately apply compensating controls, such as restricting access to the management interface, to provide a layered defense and mitigate risk until updates can be fully deployed.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formTcpipSetup
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formTcpipSetup
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings.
Executive Summary:
A critical remote code execution vulnerability has been discovered in specific D-Link router firmware. This flaw, a buffer overflow, allows an unauthenticated attacker to send a malicious request to the device and gain complete control, posing a significant risk to network security, data confidentiality, and the integrity of internal systems.
Vulnerability Details
CVE-ID: CVE-2025-60548
Affected Software: D-Link DIR-600L and potentially other products.
Affected Versions: Firmware version FW116WWb01 for the D-Link DIR-600L is confirmed to be vulnerable. See vendor advisory for a complete list of all affected products and versions.
Vulnerability: This vulnerability is a classic buffer overflow that exists in the formLanSetupRouterSettings function of the device's web administration interface. An unauthenticated, remote attacker can exploit this flaw by sending a specially crafted HTTP request containing an excessively long string in the curTime parameter. The function fails to properly validate the length of this input, causing a buffer overflow that can overwrite adjacent memory on the stack, ultimately allowing the attacker to execute arbitrary code with the privileges of the device's operating system (typically root).
Business Impact
This vulnerability is rated as critical with a CVSS score of 9.8, reflecting the ease of exploitation and the severe potential impact. Successful exploitation would grant an attacker complete control over the affected network device. This could lead to severe business consequences, including the interception and theft of sensitive data passing through the network, redirection of users to malicious websites, and using the compromised router as a pivot point to launch further attacks against the internal corporate network. The device could also be absorbed into a botnet, consuming network bandwidth and potentially implicating the organization in larger-scale cyberattacks like Distributed Denial-of-Service (DDoS).
Remediation Plan
Immediate Action: Administrators should immediately identify all affected devices within the environment and apply the latest firmware updates provided by the vendor to mitigate this vulnerability. After patching, monitor system logs for any signs of compromise that may have occurred prior to remediation.
Proactive Monitoring:
curTime parameter.Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: False (as of Oct 24, 2025)
Analyst Notes: As of the publication date, October 24, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the critical severity (CVSS 9.8) and the straightforward nature of the flaw, it is highly probable that a functional exploit will be developed and released by security researchers or threat actors in the near future.
Analyst Recommendation
Given the critical severity of this vulnerability, immediate action is required. We strongly recommend that all affected D-Link routers and any other products listed in the vendor advisory be patched without delay. Although this CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its high impact score signifies a significant risk of unauthenticated remote code execution. Prioritizing the remediation of this vulnerability is essential to prevent a complete compromise of the network perimeter.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A NULL pointer dereference in the SetWLanRadioSettings function of D-Link DIR-823G A1 v1
A NULL pointer dereference in the SetWLanRadioSettings function of D-Link DIR-823G A1 v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR-823G A1 v1
D-Link DIR-823G A1 v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub_451754 function of the jhttpd service in the viav4 parameter allowing attackers...
Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub_451754 function of the jhttpd service in the viav4 parameter allowing attackers to cause a denial of service or execute arbitrary code
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component....
D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The endpoint /dws/api/UploadFile accepts a pre_ap...
Executive Summary:
A critical vulnerability has been discovered in certain D-Link router firmware, allowing an unauthenticated attacker to execute arbitrary commands and gain complete control of the device. Successful exploitation could lead to total network compromise, data theft, and service disruption. Due to the ease of exploitation and critical severity, immediate action is required to mitigate this threat.
Vulnerability Details
CVE-ID: CVE-2025-55583
Affected Software: D-Link DIR-868L B1 Router (and potentially other products)
Affected Versions: Firmware version FW2.05WWB02. See vendor advisory for a complete list of affected products and versions.
Vulnerability: This is an unauthenticated operating system (OS) command injection vulnerability. The flaw exists within the fileaccess.cgi component, specifically at the /dws/api/UploadFile endpoint. An attacker on the same network can send a specially crafted request to this endpoint without needing any credentials, embedding malicious OS commands within a request parameter. The router's underlying operating system fails to properly sanitize this input and executes the commands with system-level privileges, granting the attacker full administrative control over the device.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. A successful exploit would have a severe impact on business operations, confidentiality, and integrity. An attacker could gain complete control of the network gateway, allowing them to intercept, monitor, or redirect all internet traffic, steal sensitive credentials and data, pivot to attack other internal network devices, or use the compromised router as part of a botnet for larger attacks. The risk extends beyond data loss to include significant reputational damage and potential regulatory penalties.
Remediation Plan
Immediate Action: Immediately identify all affected D-Link devices and update them to the latest patched firmware version provided by the vendor. After patching, monitor device logs for any signs of compromise that may have occurred prior to the update, specifically reviewing access logs for unusual requests to fileaccess.cgi.
Proactive Monitoring:
/dws/api/UploadFile or fileaccess.cgi endpoints, paying close attention to requests originating from untrusted IP addresses or containing unusual patterns.Compensating Controls:
If immediate patching is not feasible, implement the following controls:
/dws/api/UploadFile endpoint.Exploitation Status
Public Exploit Available: False
Analyst Notes: As of the publication date of this vulnerability (Aug 28, 2025), there are no known public proof-of-concept exploits or active exploitation campaigns in the wild. However, given the critical severity and the fact that it is an unauthenticated vulnerability, it is highly probable that threat actors will develop exploits in the near future.
Analyst Recommendation
This vulnerability poses a critical and immediate threat to the security of any network using the affected devices. Given the CVSS score of 9.8, organizations must treat the remediation of this vulnerability as their highest priority. Although this CVE is not yet on the CISA KEV list, its characteristics make it an attractive target for widespread exploitation. We strongly recommend applying the vendor-supplied patches immediately and implementing the suggested monitoring controls to detect and prevent any potential compromise.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
D-Link DCS-825L firmware v1
D-Link DCS-825L firmware v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DCS-825L firmware version 1
D-Link DCS-825L firmware version 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The administrator password setting of the D-Link DIR-820L 1
The administrator password setting of the D-Link DIR-820L 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DI-8100 16
D-Link DI-8100 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goa...
An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file
Update An issue Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
D-Link DI-8300 v16
D-Link DI-8300 v16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DI-8300 v16
D-Link DI-8300 v16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR-823X Command Injection Vulnerability - Active in CISA KEV catalog.
D-Link DIR-823X Command Injection Vulnerability - Active in CISA KEV catalog.
FEDERAL DEADLINE: May 7, 2026 (13 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. FEDERAL DEADLINE: May 7, 2026 (13 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Deadline: May 7, 2026
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
D-Link DSL-7740C with firmware DSL7740C
D-Link DSL-7740C with firmware DSL7740C
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DSL-7740C with firmware DSL7740C
D-Link DSL-7740C with firmware DSL7740C
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitra...
Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, incl...
---METADATA---
VENDOR: D-Link
PRODUCT: DSL-7740C
AFFECTED_VERSIONS: DSL7740C.V6.TR069.20211230
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
An incorrect access control vulnerability in the DELT_file.xgi endpoint of D-Link DSL-7740C allows unauthenticated attackers to modify arbitrary settings within the device's XML database.
Executive Summary:
A critical access control flaw in D-Link DSL-7740C firmware allows unauthenticated remote attackers to modify device configurations, potentially leading to full system compromise.
Vulnerability Details
CVE-ID: CVE-2025-29515
Affected Software: D-Link DSL-7740C
Affected Versions: DSL7740C.V6.TR069.20211230
Vulnerability: The vulnerability exists in the DELT_file.xgi endpoint, which fails to perform sufficient access control checks. This allows an unauthenticated attacker to inject or modify settings in the device's XML database.
Business Impact
The ability for an attacker to modify arbitrary settings in the device configuration poses a severe risk to network integrity and confidentiality. With a CVSS score of 9.8, this vulnerability could be leveraged to redirect traffic, disable security features, or create backdoors, resulting in total loss of control over the affected network infrastructure.
Remediation Plan
Immediate Action: Contact D-Link support or check the official support portal for a firmware update addressing this vulnerability.
Proactive Monitoring: Monitor network traffic for unusual requests directed at the .xgi endpoints and review device configuration logs for unauthorized changes.
Compensating Controls: Restrict access to the device management interface to trusted IP addresses only and ensure the device is not exposed directly to the public internet.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of Aug 25, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical CVSS severity of 9.8, administrators should prioritize the mitigation of this vulnerability. If an official patch is not immediately available, isolating the affected device from external networks is essential to prevent unauthorized configuration tampering.
Update Incorrect access control in the Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the conf...
Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request...
---METADATA---
VENDOR: D-Link
PRODUCT: DSL-7740C
AFFECTED_VERSIONS: DSL7740C.V6.TR069.20211230
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
An incorrect access control vulnerability in the config.xgi function of D-Link DSL-7740C allows unauthenticated attackers to download sensitive configuration files via crafted web requests.
Executive Summary:
A critical access control vulnerability in D-Link DSL-7740C firmware permits unauthenticated attackers to exfiltrate sensitive configuration data, including potential credentials.
Vulnerability Details
CVE-ID: CVE-2025-29514
Affected Software: D-Link DSL-7740C
Affected Versions: DSL7740C.V6.TR069.20211230
Vulnerability: The config.xgi function lacks proper authentication enforcement, enabling unauthenticated remote attackers to retrieve the device configuration file. This file often contains sensitive information required for further exploitation of the network.
Business Impact
Successful exploitation allows an attacker to gain deep insight into the internal network configuration, including administrative credentials and connection settings. Given the 9.8 CVSS score, this represents a high-impact breach of confidentiality that could facilitate lateral movement and further compromise of the internal environment.
Remediation Plan
Immediate Action: Verify if a firmware update is available from the vendor and apply it immediately to restrict unauthorized access to configuration endpoints.
Proactive Monitoring: Review web server access logs for repeated requests to the config.xgi endpoint originating from unauthorized sources.
Compensating Controls: Implement strict network access control lists (ACLs) to block external access to the device's management functions.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of Aug 25, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability presents a significant risk to sensitive information. Administrators must treat this as a high-priority item and ensure that the management interface of the DSL-7740C is not reachable from untrusted networks until a vendor-supplied patch is successfully deployed.
Update Incorrect access control in the Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the...
A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Executive Summary:
A critical remote code execution vulnerability, identified as CVE-2025-15194, affects end-of-life D-Link DIR-600 routers. An unauthenticated remote attacker can exploit this flaw by sending a malicious web request to take complete control of the device, potentially leading to network compromise, data theft, and further internal attacks. Since the product is no longer supported, no patch is available, making immediate device replacement the only effective remediation.
Vulnerability Details
CVE-ID: CVE-2025-15194
Affected Software: D-Link DIR-600
Affected Versions: All firmware versions up to and including 2.15WWb02
Vulnerability: This vulnerability is a stack-based buffer overflow within the HTTP Header Handler component of the device's web server. A remote, unauthenticated attacker can trigger the overflow by sending a specially crafted HTTP request to the hedwig.cgi file containing an overly long Cookie header. Successful exploitation overwrites critical data on the stack, allowing the attacker to execute arbitrary code with the privileges of the web server on the device, resulting in a full system compromise.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation could lead to a complete compromise of the affected network device, allowing an attacker to gain a foothold in the network perimeter. Potential consequences include interception and redirection of network traffic, eavesdropping on sensitive communications, launching attacks against internal network assets, and incorporating the compromised device into a botnet for use in larger-scale attacks like DDoS. For an organization, this represents a significant risk of data breaches, operational disruption, and reputational damage.
Remediation Plan
Immediate Action: The affected product is end-of-life and no longer supported by the vendor; therefore, no security patch will be released. The primary remediation is to immediately decommission and replace all vulnerable D-Link DIR-600 devices with a currently supported product. Until replacement is possible, restrict all access to the device's web management interface from the internet (WAN).
Proactive Monitoring: Monitor network traffic for anomalous requests targeting the hedwig.cgi file, particularly those with unusually large or malformed Cookie headers. Network intrusion detection systems (IDS) should be configured with signatures to detect known exploit attempts. Review firewall and web server logs for connections to the device's management interface from untrusted or external IP addresses.
Compensating Controls: If the device cannot be immediately replaced, implement the following controls:
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of the publication date of Dec 29, 2025, a functional exploit for this vulnerability has been publicly disclosed. Given that the vulnerability affects unsupported, end-of-life hardware, these devices are prime targets for automated scanning and exploitation by threat actors for botnet recruitment and initial access to networks.
Analyst Recommendation
Due to the critical severity (CVSS 9.8), the availability of a public exploit, and the lack of a vendor patch, this vulnerability poses an immediate and unacceptable risk. We strongly recommend that all D-Link DIR-600 routers be identified and removed from the environment as a top priority. While this CVE is not currently on the CISA KEV list, its characteristics make it a likely candidate for widespread exploitation, and organizations should treat its remediation with the utmost urgency.
Update A vulnerability was found in Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DWR-M920 up to 1
A vulnerability was detected in D-Link DWR-M920 up to 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in D-Link DWR-M920 up to 1
A security flaw has been discovered in D-Link DWR-M920 up to 1
Executive Summary:
A high-severity vulnerability has been identified in multiple D-Link products, including the DWR-M920 router. This flaw could allow a remote, unauthenticated attacker to take complete control of an affected device, potentially leading to network traffic interception, service disruption, or unauthorized access to the internal network. Organizations are urged to apply vendor-supplied patches immediately to mitigate this significant security risk.
Vulnerability Details
CVE-ID: CVE-2025-15190
Affected Software: D-Link Multiple Products
Affected Versions: D-Link DWR-M920 firmware versions up to and including 1.00. See vendor advisory for a complete list of other affected products and versions.
Vulnerability: The vulnerability is a command injection flaw within the web management interface of the affected devices. An unauthenticated attacker can send a specially crafted HTTP request to a specific endpoint on the device's web server. The device fails to properly sanitize user-supplied input within this request, allowing the attacker to inject and execute arbitrary operating system commands with root-level privileges, resulting in a full compromise of the device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation poses a significant risk to the organization. An attacker gaining root-level control of a network gateway device can intercept, modify, or redirect all network traffic, leading to data theft of sensitive information. The compromised device could also be used as a pivot point to launch further attacks against the internal network, or be enrolled in a botnet for use in larger-scale attacks like Distributed Denial of Service (DDoS). The potential consequences include data breaches, network outages, and reputational damage.
Remediation Plan
Immediate Action: Apply vendor-provided security updates immediately to all affected D-Link devices. After patching, it is crucial to monitor for any signs of post-compromise activity by reviewing system and access logs for unusual or unauthorized connections that may have occurred prior to remediation.
Proactive Monitoring: Implement enhanced monitoring on network segments with affected devices. Security teams should look for:
Compensating Controls: If patching cannot be immediately deployed, implement the following controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: False (as of December 30, 2025)
Analyst Notes: As of the publication date, there is no known public proof-of-concept exploit code or active exploitation of this vulnerability in the wild. However, vulnerabilities in widely deployed networking equipment are prime targets for threat actors. It is highly probable that an exploit will be developed and released publicly, increasing the risk of widespread attacks.
Analyst Recommendation
Given the High severity (CVSS 8.8) of this vulnerability, immediate action is required to prevent potential compromise. The primary recommendation is to apply the security updates provided by D-Link to all affected devices without delay. Although this CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its characteristics make it a likely candidate for future inclusion. If immediate patching is not feasible, organizations must implement the recommended compensating controls, particularly restricting all external access to the device's management interface, to mitigate the immediate risk of exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in D-Link DWR-M920 up to 1
A vulnerability was identified in D-Link DWR-M920 up to 1
Executive Summary:
A high-severity vulnerability has been discovered in multiple D-Link networking products, including the DWR-M920 router. This flaw allows a remote, unauthenticated attacker to take complete control of an affected device by sending a specially crafted network request. Due to the critical nature of this vulnerability and the ease of exploitation, immediate patching is required to prevent potential network compromise, data theft, and service disruption.
Vulnerability Details
CVE-ID: CVE-2025-15189
Affected Software: D-Link Multiple Products
Affected Versions: D-Link DWR-M920 firmware versions up to and including 1.x. See vendor advisory for a complete list of other affected products and versions.
Vulnerability: The vulnerability is an unauthenticated command injection flaw in the web management interface of the affected devices. A specific component of the interface fails to properly sanitize user-supplied input before passing it to the underlying operating system for execution. An attacker can exploit this by sending a specially crafted HTTP request to the vulnerable endpoint, embedding arbitrary OS commands which are then executed with the privileges of the root user. Exploitation requires no prior authentication and only needs network access to the device's management portal.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation grants an attacker complete administrative control over the affected networking device, leading to significant business risks. An attacker could intercept, modify, or reroute all network traffic (confidentiality and integrity), leading to data breaches or phishing attacks. The device could be rendered inoperable, causing a denial of service (availability). Furthermore, a compromised router can be used as a persistent foothold to launch further attacks against other systems on the internal network.
Remediation Plan
Immediate Action: Apply vendor-provided security updates immediately to all affected D-Link devices. Prioritize patching for devices that are internet-facing or manage critical network segments. After patching, monitor for any unusual activity and review access logs for signs of compromise that may have occurred prior to the update.
Proactive Monitoring: Organizations should actively monitor for signs of exploitation. Review web server access logs on the D-Link devices for unusual or malformed requests, particularly those targeting system diagnostic or configuration pages. Monitor network traffic for unexpected outbound connections from the devices to unknown IP addresses, which could indicate a command-and-control channel. Set up alerts for unexpected device reboots or configuration changes.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 30, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, vulnerabilities in networking equipment are frequently reverse-engineered by security researchers and threat actors. It is highly probable that a functional proof-of-concept exploit will become publicly available in the near future, increasing the likelihood of widespread attacks.
Analyst Recommendation
This vulnerability represents a significant risk to the network perimeter and internal infrastructure. Given the high CVSS score of 8.8, which reflects a critical flaw that can be exploited remotely without authentication, immediate action is paramount. While this CVE is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its characteristics make it a prime target for future inclusion should exploitation become widespread. We strongly recommend that all organizations identify affected D-Link devices in their environments and apply the vendor-supplied patches or mitigating controls on an emergency basis.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DIR-605 202WWB03
A vulnerability was detected in D-Link DIR-605 202WWB03
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03
A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03
Executive Summary:
A high-severity vulnerability has been identified in multiple D-Link router models, allowing an unauthenticated remote attacker to execute arbitrary code. Successful exploitation could lead to a complete compromise of the affected device, enabling attackers to intercept network traffic, disrupt services, or gain a foothold into the internal network. Organizations are urged to apply the vendor-provided security patches immediately to mitigate this critical risk.
Vulnerability Details
CVE-ID: CVE-2025-14659
Affected Software: D-Link Multiple Products
Affected Versions: DIR-860LB1 firmware version 203b01/203b03, DIR-868LB1 firmware version 203b01/203b03
Vulnerability: The vulnerability is an unauthenticated command injection flaw within the web management interface of the affected D-Link routers. An attacker can send a specially crafted HTTP request to a specific API endpoint on the device. Due to insufficient input sanitization, malicious commands can be embedded within a request parameter, which are then executed on the underlying operating system with root privileges. Exploitation does not require any prior authentication or user interaction.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit could have a significant business impact by allowing an attacker to take full control of the network device. Potential consequences include the theft of sensitive data passing through the router, disruption of internet connectivity and critical business operations, and using the compromised router as a pivot point to launch further attacks against the internal corporate network. The reputational damage and financial loss resulting from a data breach or service outage could be substantial.
Remediation Plan
Immediate Action: Apply the vendor-provided security updates to all affected D-Link devices immediately. After patching, monitor device logs and network traffic for any signs of compromise or further exploitation attempts. Review historical access logs for any suspicious activity preceding the patch deployment.
Proactive Monitoring: Implement enhanced monitoring for affected devices. Scrutinize web server logs for unusual or malformed HTTP requests, particularly those targeting administrative API endpoints. Monitor for unexpected outbound network connections from the routers, abnormal CPU or memory usage, and the presence of unauthorized processes or files on the device.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 15, 2025, there are no known public proof-of-concept exploits or active attacks targeting this vulnerability. However, due to the high severity and relative simplicity of command injection flaws, the development of exploit code by security researchers and threat actors is highly probable in the near future.
Analyst Recommendation
Given the high CVSS score of 8.8, this vulnerability presents a critical risk to the organization. Although it is not currently listed on the CISA KEV catalog and no active exploitation has been observed, its unauthenticated and remote nature makes it an attractive target for attackers. We strongly recommend that organizations prioritize the immediate deployment of vendor security patches across all affected assets. If patching is delayed, compensating controls must be implemented without exception to limit the attack surface.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in D-Link DIR-852 1
A vulnerability was identified in D-Link DIR-852 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in D-Link DWR-M920 1
A weakness has been identified in D-Link DWR-M920 1
Executive Summary:
A critical vulnerability has been identified in multiple D-Link products, allowing an unauthenticated remote attacker to execute arbitrary code on affected devices. Successful exploitation could grant an attacker complete control over the network router, enabling them to intercept traffic, access the internal network, or launch further attacks. This represents a significant risk to network security and data confidentiality.
Vulnerability Details
CVE-ID: CVE-2025-13553
Affected Software: D-Link Multiple Products
Affected Versions: See vendor advisory for specific affected versions. The D-Link DWR-M920 is confirmed to be affected.
Vulnerability: This vulnerability is an unauthenticated command injection flaw in the web-based management interface of the affected devices. An attacker can send a specially crafted HTTP request to a specific administrative endpoint without needing valid credentials. This request can include malicious shell commands that are then executed by the underlying operating system with the highest level of privileges, effectively giving the attacker full control over the device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A compromised network gateway device poses a direct and severe threat to the organization. An attacker could leverage this access to monitor, redirect, or block all incoming and outgoing internet traffic, leading to data theft, espionage, and significant business disruption. Furthermore, the compromised router can serve as a pivot point for attackers to gain access to the internal corporate network, bypass perimeter defenses, and compromise sensitive internal systems, posing a critical risk to data confidentiality, integrity, and availability.
Remediation Plan
Immediate Action: Identify all affected D-Link devices on the network and apply the vendor-provided security updates immediately. Prioritize patching for devices that are internet-facing or manage critical network segments. After patching, monitor for any signs of exploitation attempts and review historical access logs for indicators of compromise.
Proactive Monitoring:
Compensating Controls:
If immediate patching is not feasible:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 23, 2025, there is no known public exploit code available. However, given the nature of command injection vulnerabilities, it is highly probable that threat actors will develop exploits in the near future. Network edge devices like routers are high-value targets for attackers seeking to establish a persistent foothold in a network.
Analyst Recommendation
This vulnerability represents a critical risk and must be addressed with the highest priority. Due to the high CVSS score of 8.8 and the strategic importance of the affected network devices, immediate action is required. Although this CVE is not currently listed on the CISA KEV list, its severity warrants treating it as an actively targeted vulnerability. We strongly recommend that the organization follows the remediation plan immediately to prevent a potential network compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1
A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1
Executive Summary:
A high-severity vulnerability has been identified in certain D-Link router models, carrying a CVSS score of 8.8. This flaw could allow an unauthenticated remote attacker to execute arbitrary code and gain complete control over an affected device. Successful exploitation could lead to network traffic interception, data theft, or the compromise of the entire network connected to the device.
Vulnerability Details
CVE-ID: CVE-2025-13552
Affected Software: D-Link Multiple Products
Affected Versions: D-Link DIR-822K, DWR-M920. See vendor advisory for specific affected firmware versions.
Vulnerability: This vulnerability is an unauthenticated remote code execution (RCE) flaw in the web management interface of the affected devices. An attacker can exploit this by sending a specially crafted HTTP request to the device's web server. The flaw exists due to improper input validation in a specific service, allowing an attacker to inject and execute arbitrary system commands with root-level privileges without needing any prior authentication.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit would grant an attacker complete administrative control over the affected network hardware. This could lead to severe business consequences, including the interception of sensitive internal and external network traffic, redirection of users to malicious websites for phishing attacks, and using the compromised device as a pivot point to attack other systems on the internal network. Furthermore, the compromised router could be enlisted into a botnet to conduct Distributed Denial-of-Service (DDoS) attacks, potentially causing reputational damage and service disruption.
Remediation Plan
Immediate Action: Identify all affected D-Link devices within the environment and apply the security updates provided by the vendor immediately. After patching, it is crucial to monitor for any signs of compromise that may have occurred prior to remediation by reviewing system and access logs for unauthorized activity.
Proactive Monitoring: Implement enhanced monitoring of network traffic to and from the affected devices. Specifically, look for unusual inbound connection attempts to the web management interface, unexpected device reboots, unauthorized configuration changes, or suspicious outbound traffic originating from the routers. Network Intrusion Detection Systems (NIDS) should be updated with signatures for this vulnerability if available.
Compensating Controls: If immediate patching is not feasible, implement the following controls as a temporary measure:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 23, 2025, there is no known public proof-of-concept exploit code, and there are no confirmed reports of this vulnerability being actively exploited in the wild. However, given the high severity score and the prevalence of these devices, it is highly probable that threat actors will develop and deploy exploits in the near future.
Analyst Recommendation
Given the high severity (CVSS 8.8) of this unauthenticated remote code execution vulnerability, we strongly recommend that organizations prioritize the immediate patching of all affected D-Link devices. Although this CVE is not currently on the CISA KEV list, its critical nature makes it an attractive target for attackers. The risk of complete network compromise necessitates urgent action. If patching cannot be performed immediately, the compensating controls listed above must be implemented without delay to reduce the attack surface.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in D-Link DIR-822K and DWR-M920 1
A vulnerability was identified in D-Link DIR-822K and DWR-M920 1
Executive Summary:
A high-severity vulnerability has been discovered in certain D-Link router models, which could allow an unauthenticated remote attacker to take complete control of affected devices. Successful exploitation poses a significant risk to network security, potentially leading to data interception, unauthorized access to the internal network, and service disruption. Organizations are urged to apply vendor-supplied security patches immediately to mitigate this threat.
Vulnerability Details
CVE-ID: CVE-2025-13551
Affected Software: D-Link Multiple Products
Affected Versions: The vulnerability is confirmed in D-Link DIR-822K and DWR-M920. See vendor advisory for specific affected firmware versions.
Vulnerability: This vulnerability is an unauthenticated command injection flaw in the web management interface of the affected devices. An attacker can exploit this by sending a specially crafted HTTP request to the device, which contains malicious commands embedded within a legitimate parameter. The device's firmware fails to properly sanitize this input, allowing the injected commands to be executed on the underlying operating system with root-level privileges, giving the attacker full control over the router.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit could have a severe impact on business operations. An attacker gaining control of a network gateway device can intercept sensitive data, pivot to attack other systems on the internal network, disrupt internet connectivity, or incorporate the device into a botnet for use in larger attacks like Distributed Denial of Service (DDoS). This can result in data breaches, financial loss, operational downtime, and significant reputational damage.
Remediation Plan
Immediate Action: Identify all vulnerable D-Link DIR-822K and DWR-M920 devices on the network and apply the security updates provided by the vendor immediately. This is the most effective method to permanently resolve the vulnerability.
Proactive Monitoring: Review device and network logs for any signs of compromise. Look for unusual access attempts to the web management interface, unexpected outbound connections from the routers, or unexplained configuration changes. Monitor network traffic for patterns consistent with command-and-control (C2) communication or scanning activity originating from the devices.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 23, 2025, there are no known public exploits or active, in-the-wild exploitation campaigns targeting this vulnerability. However, given the high severity and the nature of the flaw (unauthenticated remote code execution), it is highly probable that threat actors will develop an exploit in the near future.
Analyst Recommendation
Given the high CVSS score of 8.8, immediate patching is the most critical action to prevent compromise. We strongly recommend that organizations prioritize the identification and patching of all affected D-Link devices. While this vulnerability is not currently listed on the CISA KEV catalog, its high severity makes it a likely candidate for future inclusion and a valuable target for attackers. Proactive application of vendor patches and implementation of compensating controls are essential to protect the network boundary from a potential breach.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in D-Link DIR-822K and DWR-M920 1
A vulnerability was determined in D-Link DIR-822K and DWR-M920 1
Executive Summary:
A high-severity vulnerability has been identified in multiple D-Link router models, allowing a remote, unauthenticated attacker to potentially execute arbitrary code and take full control of an affected device. Successful exploitation could lead to a complete compromise of network security, enabling attackers to intercept sensitive data, pivot to internal networks, or disrupt connectivity. Organizations are urged to apply vendor-supplied security patches immediately to mitigate this critical risk.
Vulnerability Details
CVE-ID: CVE-2025-13550
Affected Software: D-Link Multiple Products
Affected Versions: D-Link DIR-822K, DWR-M920. See vendor advisory for specific affected firmware versions.
Vulnerability: This vulnerability is a remote code execution (RCE) flaw in the web management interface of the affected D-Link routers. The flaw exists due to insufficient input validation when processing certain unauthenticated HTTP requests. An unauthenticated attacker on the same network segment (or on the internet, if remote management is enabled) can send a specially crafted packet to the device's web server, triggering a buffer overflow and allowing for the execution of arbitrary code with root privileges.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit would grant an attacker complete control over the network router, which acts as a critical gateway. The potential consequences include interception and theft of all unencrypted network traffic, redirection of users to malicious websites (DNS hijacking), gaining an initial foothold for lateral movement into the corporate network, and using the compromised device as part of a larger botnet for launching DDoS attacks. This poses a significant risk of data breaches, financial loss, operational disruption, and reputational damage.
Remediation Plan
Immediate Action:
Proactive Monitoring:
Compensating Controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes:
As of November 23, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, vulnerabilities in widely deployed networking equipment are frequently and rapidly weaponized by threat actors for use in botnets and targeted attacks. The lack of current public exploitation should not diminish the urgency of remediation.
Analyst Recommendation
Given the high CVSS score of 8.8 and the critical role these devices play in network security, this vulnerability represents a significant threat. Although it is not currently listed on the CISA KEV catalog, its severity makes it a prime candidate for future inclusion. We strongly recommend that organizations prioritize the immediate patching of all affected D-Link devices. If patching must be delayed, the compensating controls outlined above, particularly disabling and restricting access to the management interface, must be implemented without delay to reduce the attack surface.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DIR-822K 1
A vulnerability was found in D-Link DIR-822K 1
Executive Summary:
A high-severity vulnerability has been discovered in multiple D-Link products, including the DIR-822K router. This flaw allows a remote attacker to potentially take full control of affected devices without authentication. Successful exploitation could lead to network traffic interception, unauthorized access to the internal network, and deployment of malware.
Vulnerability Details
CVE-ID: CVE-2025-13549
Affected Software: D-Link Multiple Products
Affected Versions: See vendor advisory for a complete list of affected products and versions, including specific firmware for the D-Link DIR-822K.
Vulnerability: The vulnerability, rated with a CVSS score of 8.8, likely stems from a flaw such as command injection or a buffer overflow within the device's web management interface. An unauthenticated attacker on the same network (or remotely, if the management interface is exposed to the internet) can send a specially crafted request to the device. This allows the attacker to execute arbitrary code with the highest privileges, effectively gaining complete control over the networking device.
Business Impact
This vulnerability is classified as High severity with a CVSS score of 8.8. Exploitation could have a significant business impact by compromising the network perimeter. An attacker could intercept sensitive data passing through the router, pivot to attack other systems on the internal network, disrupt internet connectivity, or use the compromised device in a larger botnet for malicious activities. This poses a direct risk to data confidentiality, operational continuity, and the overall security posture of the organization.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by D-Link immediately across all affected devices. After patching, review device administration and access logs for any signs of compromise that may have occurred prior to the update.
Proactive Monitoring: Monitor network traffic for unusual outbound connections originating from the D-Link devices. System administrators should also monitor for unauthorized configuration changes, unexpected device reboots, and suspicious login attempts in the management interface logs.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of November 23, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the high severity and the widespread deployment of D-Link products, security researchers and threat actors are likely to develop proof-of-concept exploits in the near future.
Analyst Recommendation
Given the high CVSS score of 8.8, this vulnerability presents a critical risk and requires immediate attention. Organizations must prioritize the deployment of the vendor-supplied patches, focusing first on devices with management interfaces exposed to the internet. Although CVE-2025-13549 is not currently on the CISA KEV list, its severity makes it a likely candidate for future inclusion. We strongly recommend applying patches or compensating controls within the next 72 hours to prevent potential compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DIR-822K and DWR-M920 1
A vulnerability has been found in D-Link DIR-822K and DWR-M920 1
Executive Summary:
A high-severity vulnerability has been discovered in certain D-Link network devices, which could allow a remote, unauthenticated attacker to take complete control of an affected router. Successful exploitation could lead to network traffic interception, deployment of malware on the internal network, or service disruption. Organizations are urged to apply vendor-supplied security updates immediately to mitigate this critical risk.
Vulnerability Details
CVE-ID: CVE-2025-13548
Affected Software: D-Link Multiple Products
Affected Versions: D-Link DIR-822K, DWR-M920. See vendor advisory for specific affected firmware versions.
Vulnerability: The vulnerability is an unauthenticated command injection flaw within the web-based management interface of the affected devices. An attacker can send a specially crafted HTTP request to a specific administrative endpoint without needing to provide any credentials. This request can contain arbitrary operating system commands which are not properly sanitized by the device, leading to their execution with root-level privileges. This allows a remote attacker with network access to the device's web interface to gain full administrative control.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation allows an attacker to gain complete control over the affected network device, which often serves as a gateway to the internal network. The potential consequences include interception and redirection of sensitive network traffic, deployment of malware or ransomware, using the compromised device as a pivot point for further attacks into the corporate network, and disruption of internet connectivity, leading to operational downtime. The device could also be co-opted into a botnet for use in larger-scale attacks against other targets.
Remediation Plan
Immediate Action: Organizations must apply the security updates provided by D-Link immediately to all affected devices. After patching, it is crucial to monitor for any signs of compromise by reviewing system and access logs for unusual activity that occurred prior to the patch deployment.
Proactive Monitoring: Monitor network traffic for anomalous outbound connections originating from the D-Link devices. Review web server access logs on the devices for suspicious requests, particularly those containing shell metacharacters (e.g., ;, |, &&, $(...)). If possible, centralize device logs to a SIEM to correlate and alert on suspicious command execution or unauthorized configuration changes.
Compensating Controls: If patching cannot be performed immediately, restrict access to the device's web management interface to a trusted management network or specific IP addresses. If remote management is not a business requirement, disable it entirely. Consider placing the device behind a Web Application Firewall (WAF) with rulesets designed to block common command injection attempts.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 23, 2025, there are no known public exploits for this vulnerability. However, given the high severity and the straightforward nature of command injection flaws, it is highly probable that proof-of-concept (PoC) exploits will be developed and released by security researchers or malicious actors in the near future. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Due to the high CVSS score of 8.8 and the critical risk of unauthenticated remote code execution, this vulnerability poses a significant threat to the network perimeter and internal security. We strongly recommend that all affected D-Link devices be patched on an emergency basis. While this vulnerability is not yet on the CISA KEV list, its severity makes it a prime target for future exploitation. If immediate patching is not feasible, implement the compensating controls outlined above, particularly restricting access to the management interface, to urgently reduce the attack surface.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in D-Link DIR-822K and DWR-M920 1
A flaw has been found in D-Link DIR-822K and DWR-M920 1
Executive Summary:
A high-severity vulnerability has been discovered in multiple D-Link router models, allowing a remote attacker to potentially take full control of the device without any credentials. Successful exploitation could lead to data theft, network disruption, or using the compromised device to attack other systems. Immediate patching is critical to mitigate this significant security risk.
Vulnerability Details
CVE-ID: CVE-2025-13547
Affected Software: D-Link Multiple Products
Affected Versions: Specific versions of D-Link DIR-822K and DWR-M920. See vendor advisory for a complete list of affected versions and firmware.
Vulnerability: The vulnerability is an unauthenticated command injection flaw within the web management interface of the affected devices. A remote attacker can send a specially crafted HTTP request to the device's web server. This request can contain arbitrary operating system commands, which are then executed on the device with the highest level of privileges (root), allowing the attacker to gain complete control.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit would grant an attacker complete administrative control over the affected network device. This could lead to severe consequences, including the interception of sensitive network traffic, disruption of internet connectivity (Denial of Service), and using the compromised router as a foothold to launch further attacks against the internal network. The compromised device could also be co-opted into a botnet for use in broader malicious campaigns, posing a reputational risk to the organization.
Remediation Plan
Immediate Action: Apply the security updates provided by D-Link to all affected devices immediately. After patching, it is crucial to monitor for any signs of exploitation attempts by reviewing firewall and device access logs for unusual or malicious activity that may have occurred prior to the update.
Proactive Monitoring: Security teams should monitor network traffic for anomalous outbound connections originating from the affected routers. Review web server logs on the devices for suspicious requests, specifically looking for patterns indicative of command injection, such as shell metacharacters (e.g., ;, |, &&, $()) in request parameters.
Compensating Controls: If patching cannot be performed immediately, disable remote administration access from the internet. If remote access is required, restrict it to a limited set of trusted IP addresses via firewall rules. Network segmentation should be considered to isolate the vulnerable devices from critical internal assets.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 23, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the high severity and the relative ease of exploitation for unauthenticated command injection flaws in network devices, proof-of-concept code is likely to be developed and published by security researchers or threat actors in the near future.
Analyst Recommendation
This vulnerability presents a critical risk that requires immediate attention. Given the CVSS score of 8.8, which signifies a highly impactful and easily exploitable flaw, organizations must prioritize the deployment of vendor-supplied patches. Although this CVE is not currently on the CISA KEV list, vulnerabilities of this nature are prime targets for automated attacks. We strongly recommend identifying and patching all affected D-Link devices without delay to prevent a network compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1
A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1
A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta
A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta
Executive Summary:
A high-severity vulnerability has been identified in multiple D-Link products, allowing an unauthenticated remote attacker to potentially execute arbitrary code and gain full control of affected devices. Successful exploitation of this vulnerability could lead to a complete compromise of the network device, enabling attackers to intercept traffic, access the internal network, and launch further attacks. Organizations are strongly advised to apply the vendor-supplied security patches immediately to mitigate this significant risk.
Vulnerability Details
CVE-ID: CVE-2025-13191
Affected Software: D-Link Multiple Products
Affected Versions: The vulnerability is confirmed in firmware version 2_06_b09_beta for the D-Link DIR-816L. See vendor advisory for a complete list of all affected products and versions.
Vulnerability: This vulnerability is a command injection flaw in the web management interface of the affected devices. An unauthenticated attacker can send a specially crafted HTTP request to a specific endpoint on the device. Due to insufficient input validation, the attacker's payload is passed directly to the underlying operating system and executed with root privileges, resulting in remote code execution (RCE).
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8, posing a critical risk to the organization. A successful exploit would grant an attacker complete control over the compromised network device. This could lead to severe consequences, including unauthorized access to sensitive internal network resources, interception and theft of network traffic (data exfiltration), disruption of network services, and the use of the compromised device as a pivot point for further attacks against the internal network or as part of a botnet.
Remediation Plan
Immediate Action: Apply the vendor-provided security updates to all affected D-Link devices immediately. After patching, it is crucial to monitor for any signs of post-patch exploitation attempts and review device access logs for any anomalous or unauthorized activity that may have occurred prior to remediation.
Proactive Monitoring: Security teams should actively monitor for indicators of compromise. This includes inspecting network traffic for unusual outbound connections from D-Link devices, checking web server logs on the devices for suspicious requests containing shell metacharacters, and monitoring for unexpected system reboots or configuration changes.
Compensating Controls: If immediate patching is not feasible, implement the following controls as a temporary measure:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 15, 2025, there are no known public proof-of-concept exploits for this vulnerability. However, given the high severity and the relative simplicity of command injection flaws, it is highly probable that threat actors are actively working to reverse-engineer the patch and develop a functional exploit.
Analyst Recommendation
Due to the high CVSS score of 8.8, this vulnerability presents a critical threat and must be addressed with urgency. Although CVE-2025-13191 is not currently listed on the CISA KEV catalog, its severity makes it a prime candidate for future inclusion and active exploitation. We strongly recommend that organizations prioritize the immediate patching of all affected D-Link devices. If patching cannot be performed immediately, the compensating controls listed above must be implemented without delay to reduce the attack surface.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DIR-816L 2_06_b09_beta
A vulnerability was found in D-Link DIR-816L 2_06_b09_beta
Executive Summary:
A high-severity vulnerability has been identified in multiple D-Link products, allowing a remote, unauthenticated attacker to potentially execute arbitrary code on affected devices. Successful exploitation could grant an attacker complete control over the network router, leading to data interception, network disruption, or unauthorized access to the internal network.
Vulnerability Details
CVE-ID: CVE-2025-13190
Affected Software: D-Link Multiple Products
Affected Versions: D-Link DIR-816L firmware version 2_06_b09_beta is confirmed affected. See vendor advisory for a complete list of affected products and versions.
Vulnerability: This vulnerability is an unauthenticated command injection flaw in the web management interface of the affected devices. An attacker can exploit this by sending a specially crafted HTTP request to the device, which injects and executes arbitrary operating system commands with root-level privileges. No prior authentication or user interaction is required for a successful attack.
Business Impact
This vulnerability presents a high severity risk with a CVSS score of 8.8. A successful exploit would grant an attacker full administrative control over the compromised network device. This could lead to severe consequences, including the interception of sensitive network traffic, denial-of-service conditions, and using the compromised device as a pivot point to launch further attacks against the internal corporate network. The operational disruption and potential for data exfiltration pose a significant risk to business continuity and data confidentiality.
Remediation Plan
Immediate Action: Apply the security updates provided by the vendor across all affected D-Link devices immediately. After patching, review device access and system logs for any signs of compromise that may have occurred prior to remediation.
Proactive Monitoring: Implement enhanced monitoring of network traffic to and from the management interfaces of D-Link devices. Specifically, look for unusual outbound connections, unexpected configuration changes, or anomalous activity in web server logs that could indicate exploitation attempts or a successful compromise.
Compensating Controls: If immediate patching is not feasible, restrict access to the device's web management interface from the internet. If remote management is necessary, limit access to a trusted set of IP addresses via firewall rules. Network segmentation should also be employed to limit the potential impact of a compromised device on other critical network assets.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 15, 2025, there are no known public proof-of-concept exploits or active exploitation of this vulnerability in the wild. However, due to the high severity and low complexity of the attack, threat actors are likely to develop and deploy exploits rapidly by reverse-engineering the available patches.
Analyst Recommendation
Given the high severity (CVSS 8.8) and the potential for complete device takeover, immediate action is required. Although this vulnerability is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its characteristics make it a prime target for future exploitation. Organizations are strongly advised to prioritize patching all affected D-Link devices without delay. If patching is not immediately possible, implement the recommended compensating controls to reduce the attack surface and mitigate risk.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta
A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta
Executive Summary:
A high-severity vulnerability has been identified in multiple D-Link products, including the DIR-816L router. This flaw could allow an unauthenticated remote attacker to execute arbitrary commands on affected devices, leading to a complete system compromise. Successful exploitation poses a significant risk to network integrity, data confidentiality, and could allow attackers to gain a foothold into the internal network.
Vulnerability Details
CVE-ID: CVE-2025-13189
Affected Software: D-Link Multiple Products
Affected Versions: D-Link DIR-816L firmware version 2_06_b09_beta is confirmed vulnerable. See vendor advisory for a complete list of affected products and versions.
Vulnerability: This vulnerability is a command injection flaw within the web management interface of the affected devices. An unauthenticated attacker can send a specially crafted HTTP request to a specific administrative endpoint. The device fails to properly sanitize user-supplied input within this request, allowing the attacker to inject and execute arbitrary operating system commands with the privileges of the root user.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit would grant an attacker complete control over the affected network device. The potential consequences include interception of network traffic, unauthorized access to the internal network, disruption of network services (Denial of Service), and the ability to use the compromised device as a pivot point for further attacks or to incorporate it into a botnet. This poses a direct risk to data confidentiality, operational continuity, and the overall security posture of the organization.
Remediation Plan
Immediate Action: Apply the security updates provided by D-Link to all affected devices immediately. Prioritize patching for devices with management interfaces exposed to the internet. After patching, review device access logs for any signs of compromise that may have occurred before the update was applied.
Proactive Monitoring: Monitor network traffic for unusual outbound connections originating from the D-Link devices. Review web server logs on the devices for suspicious GET or POST requests to administrative CGI scripts or endpoints, especially those containing shell metacharacters (e.g., ;, |, &, $( )). Set up alerts for unexpected device reboots or configuration changes.
Compensating Controls: If immediate patching is not feasible, restrict access to the device's web management interface. Ensure the interface is not exposed to the internet and is only accessible from a trusted, isolated management network segment. Implement firewall rules or Access Control Lists (ACLs) to block all untrusted traffic to the device's management ports (e.g., TCP/80, TCP/443).
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of November 15, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the high severity and the nature of the flaw (unauthenticated remote code execution), it is highly probable that a functional exploit will be developed and released by security researchers or malicious actors in the near future.
Analyst Recommendation
Due to the critical risk posed by this vulnerability (CVSS 8.8), we strongly recommend that organizations identify all affected D-Link devices within their environment and apply the vendor-supplied patches with the highest priority. While this CVE is not currently on the CISA KEV list, its high impact makes it a prime candidate for future inclusion if widespread exploitation occurs. If patching is delayed, the compensating controls outlined above must be implemented immediately to reduce the attack surface.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /auth...
A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Executive Summary:
A critical vulnerability has been identified in certain D-Link router models, allowing a remote, unauthenticated attacker to gain complete control of the device. This flaw is due to a stack-based buffer overflow and is easily exploitable, with a public exploit already available. As the affected products are no longer supported by the vendor, they cannot be patched, posing a significant and permanent risk to network security.
Vulnerability Details
CVE-ID: CVE-2025-13188
Affected Software: D-Link DIR-816L
Affected Versions: DIR-816L firmware version 2_06_b09_beta. Other versions may also be affected; see vendor advisory for specific details.
Vulnerability: A remote, unauthenticated stack-based buffer overflow vulnerability exists in the authenticationcgi_main function of the device's web server. An attacker can send a specially crafted POST request to the /authentication.cgi endpoint with an excessively long string in the Password parameter. This overflows the buffer on the stack, allowing the attacker to overwrite critical program data and execute arbitrary code on the device, likely with root privileges.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation allows an attacker to gain full administrative control over the affected router. This can lead to severe consequences, including interception of all network traffic (man-in-the-middle attacks), unauthorized access to the internal network, deployment of malware, and using the compromised device as part of a botnet for launching further attacks like Distributed Denial-of-Service (DDoS). For a business, this translates to data breaches, network downtime, and a compromised network perimeter.
Remediation Plan
Immediate Action: The vendor no longer supports the affected product, meaning no security patches will be released. The primary and most effective remediation is to immediately decommission and replace the affected D-Link DIR-816L devices with a supported model. Until replacement is complete, restrict all external access to the device's management interface.
Proactive Monitoring: Monitor network traffic for anomalous POST requests to the /authentication.cgi file, specifically looking for requests with abnormally long values for the Password parameter. Review firewall and web server logs for connection attempts to this endpoint from untrusted external sources. Monitor the device for unusual outbound traffic, which could indicate a successful compromise.
Compensating Controls: If immediate replacement is not possible, implement the following controls as a temporary measure:
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of the publication date of Nov 14, 2025, a functional public exploit is available for this vulnerability. The End-of-Life (EOL) status of the hardware means that it will remain permanently vulnerable, making it an attractive target for attackers scanning for low-effort targets.
Analyst Recommendation
Given the critical severity (CVSS 9.8), the availability of a public exploit, and the End-of-Life status of the product, this vulnerability represents an unacceptable risk. We strongly recommend that all identified D-Link DIR-816L routers be immediately removed from the network and replaced with currently supported hardware. Compensating controls should be considered a temporary bridge to replacement and not a long-term solution. While not currently on the CISA KEV list, its characteristics make it a prime candidate for inclusion, and organizations should treat it with the highest priority.
Update A vulnerability was detected in Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A weakness has been identified in D-Link DIR-852 up to 20251002
A weakness has been identified in D-Link DIR-852 up to 20251002
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in D-Link DI-7001 MINI 24
A security vulnerability has been detected in D-Link DI-7001 MINI 24
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DI-7100G C1 up to 20250928
A vulnerability has been found in D-Link DI-7100G C1 up to 20250928
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in D-Link DI-7100G C1 up to 20250928
A flaw has been found in D-Link DI-7100G C1 up to 20250928
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in D-Link DIR-513 A1FW110
A security vulnerability has been detected in D-Link DIR-513 A1FW110
A vulnerability was found in D-Link DCS-935L up to 1
A vulnerability was found in D-Link DCS-935L up to 1
A security flaw has been discovered in D-Link DIR-825 up to 2
A security flaw has been discovered in D-Link DIR-825 up to 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DIR-825 1
A vulnerability was found in D-Link DIR-825 1
Executive Summary:
A high-severity vulnerability has been discovered in multiple D-Link products, allowing an unauthenticated remote attacker to gain complete control over affected devices. Successful exploitation could lead to network traffic interception, unauthorized access to the internal network, and the deployment of malware, posing a significant risk to network security and data confidentiality. Immediate patching is required to mitigate the threat of a full system compromise.
Vulnerability Details
CVE-ID: CVE-2025-10034
Affected Software: D-Link Multiple Products
Affected Versions: See vendor advisory for a complete list of affected products and versions. The D-Link DIR-825 is a known affected model.
Vulnerability: This vulnerability is a remote command injection flaw in the web management interface of the affected devices. An unauthenticated attacker can send a specially crafted HTTP request to a specific service endpoint on the device. Due to insufficient input sanitization, malicious shell commands can be embedded within the request parameters, which are then executed by the underlying operating system with root-level privileges, resulting in a complete compromise of the device.
Business Impact
This vulnerability presents a High severity risk with a CVSS score of 8.8. Exploitation could have a significant business impact, including a complete loss of confidentiality, integrity, and availability of the network segment protected by the device. An attacker could intercept sensitive data, pivot to attack other systems on the internal network, disrupt internet connectivity, or incorporate the compromised device into a botnet for use in larger attacks like Distributed Denial-of-Service (DDoS). This can lead to data breaches, operational downtime, and reputational damage.
Remediation Plan
Immediate Action: Apply vendor-supplied security updates to all affected D-Link devices immediately, prioritizing those with management interfaces exposed to the internet. After patching, review device access logs for any signs of compromise that may have occurred prior to the update.
Proactive Monitoring: Monitor network traffic for anomalous outbound connections from affected devices. Review web server logs on the devices for suspicious requests containing shell metacharacters (e.g., ;, |, &&, $()). Implement alerts for unusual spikes in CPU or memory utilization on these devices, which could indicate malicious activity.
Compensating Controls: If immediate patching is not feasible, implement the following controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 7, 2025, there are no known public exploits or reports of this vulnerability being actively exploited in the wild. However, due to the high severity and the relative simplicity of exploiting command injection flaws, it is highly probable that threat actors will develop and release proof-of-concept code in the near future.
Analyst Recommendation
Given the high CVSS score of 8.8, this vulnerability requires immediate attention. Organizations must prioritize the deployment of the vendor-provided patches across all affected D-Link devices. Although this CVE is not currently listed on the CISA KEV list, its severity makes it a strong candidate for future inclusion. If patching cannot be performed immediately, the compensating controls outlined above must be implemented as a matter of urgency to reduce the attack surface and mitigate the risk of a network compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DIR-859 Router Path Traversal Vulnerability - Active in CISA KEV catalog.
D-Link DIR-859 Router Path Traversal Vulnerability - Active in CISA KEV catalog.
Executive Summary:
A critical path traversal vulnerability, identified as CVE-2024-0769, exists in the D-Link DIR-859 router. This flaw allows an unauthenticated attacker with network access to read sensitive files on the device, which could expose administrative credentials and lead to a complete system compromise. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed this vulnerability is being actively exploited in the wild, posing an immediate and severe threat to organizations using this hardware.
Vulnerability Details
CVE-ID: CVE-2024-0769
Affected Software: D-Link DIR-859 Router
Affected Versions: See vendor advisory for specific affected versions.
Vulnerability: This vulnerability is a path traversal (also known as "directory traversal") flaw in the router's web management interface. An unauthenticated remote attacker can exploit this by sending a specially crafted HTTP request containing "dot-dot-slash" (../) sequences to the device. This technique allows the attacker to bypass access controls and navigate outside of the intended web server root directory, enabling them to read arbitrary files from the router's underlying file system. Successful exploitation could grant access to sensitive files such as /etc/passwd, configuration backups, or system logs containing credentials.
Business Impact
The business impact of this vulnerability is rated as Critical, with a CVSS score of 9.5. Exploitation can lead to a severe security breach with significant operational consequences. An attacker could retrieve administrative credentials, Wi-Fi passwords, and detailed network configuration, effectively gaining full control over the router. This compromised device could then be used to launch man-in-the-middle attacks to intercept or alter network traffic, serve as a pivot point to attack other internal network assets, or be conscripted into a botnet. The inclusion in the CISA KEV catalog confirms active exploitation, meaning the risk is not theoretical but an immediate and ongoing threat.
Remediation Plan
Immediate Action: All organizations must take immediate action to address this vulnerability. Per CISA's directive for federal agencies, the deadline for remediation is extremely short: FEDERAL DEADLINE: July 15, 2025 (5 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. If a patch from D-Link is available, it must be applied immediately. If no patch or mitigation is available, the device must be disconnected from the network and decommissioned.
Proactive Monitoring: Monitor web server access logs on the router for any requests containing path traversal sequences (e.g., ../, %2e%2e%2f). Network traffic should be analyzed for anomalous outbound connections from the router, which could indicate data exfiltration or command-and-control (C2) communication. Monitor for any unauthorized configuration changes or unexpected system reboots.
Compensating Controls: If patching cannot be performed immediately, implement the following controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: True
Analyst Notes: As of June 24, 2025, this vulnerability is confirmed to be actively exploited in the wild, evidenced by its inclusion in the CISA Known Exploited Vulnerabilities (KEV) catalog. Threat actors are actively scanning for and targeting vulnerable D-Link DIR-859 routers. The primary goal of these attacks is likely to gain initial access to corporate or home networks for data theft, espionage, or to expand botnet operations. The short deadline set by CISA highlights the widespread and critical nature of this threat.
Analyst Recommendation
Given the critical severity (CVSS 9.5) and confirmed active exploitation in the wild, this vulnerability requires immediate and decisive action. We recommend that organizations immediately identify all D-Link DIR-859 routers within their environment using asset inventory systems. The primary course of action must be to apply the vendor-supplied patch or firmware update without delay, treating this as an emergency change. If a patch is not available, the only acceptable alternative is to immediately isolate the devices from the network and begin the process of replacing them. Due to its KEV status, failing to remediate this vulnerability presents an unacceptable risk of network compromise.
FEDERAL DEADLINE: July 15, 2025 (6 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Deadline: July 15, 2025
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
D-Link DSL-124 ME_1
D-Link DSL-124 ME_1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DAP-1325 firmware version 1
D-Link DAP-1325 firmware version 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
FEDERAL DEADLINE: August 25, 2025 (21 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. FEDERAL DEADLINE: August 25, 2025 (21 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Deadline: August 25, 2025
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
D-Link Routers Buffer Overflow Vulnerability - Active in CISA KEV catalog.
D-Link Routers Buffer Overflow Vulnerability - Active in CISA KEV catalog.
FEDERAL DEADLINE: December 28, 2025 (20 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. FEDERAL DEADLINE: December 28, 2025 (20 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Deadline: December 28, 2025
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability - Active in CISA KEV catalog.
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability - Active in CISA KEV catalog.
FEDERAL DEADLINE: August 25, 2025 (21 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. FEDERAL DEADLINE: August 25, 2025 (21 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Deadline: August 25, 2025
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability - Active in CISA KEV catalog.
D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability - Active in CISA KEV catalog.
FEDERAL DEADLINE: August 25, 2025 (21 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. FEDERAL DEADLINE: August 25, 2025 (21 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Deadline: August 25, 2025
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1
An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1
---METADATA---
VENDOR: D-Link
PRODUCT: Routers (DIR-300)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
An OS command injection vulnerability exists in multiple D-Link router models, potentially allowing unauthorized remote code execution.
Executive Summary:
A critical OS command injection vulnerability in D-Link routers poses a severe risk of unauthorized remote code execution and full system compromise.
Vulnerability Details
CVE-ID: CVE-2013-10050
Affected Software: D-Link Routers
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability involves an OS command injection flaw within the device firmware, which may be triggered by an attacker to execute arbitrary system commands. The authentication requirements remain unconfirmed; however, such flaws typically do not require elevated privileges if reachable via the WAN interface.
Business Impact
The ability to inject OS commands allows an attacker to gain full control over the network gateway. This risk carries a CVSS score of 8.8, indicating a high severity that could lead to complete network interception, traffic redirection, and exfiltration of sensitive internal data, resulting in significant operational downtime.
Remediation Plan
Immediate Action: Identify and inventory all affected D-Link hardware and apply the latest firmware updates provided by the vendor immediately.
Proactive Monitoring: Monitor network traffic for unusual outbound connections or shell-like commands originating from the router's management interface.
Compensating Controls: Restrict management interface access to trusted internal IP addresses only and disable remote administration features (WAN-side) where possible.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 27, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the high CVSS score, this vulnerability represents a significant threat to network integrity. IT administrators must prioritize patching these devices or replacing them if they are end-of-life, as they serve as the primary perimeter defense for the local network.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: D-Link
PRODUCT: DI-8100
AFFECTED_VERSIONS: 16.07.26A1
---END_METADATA---
Description Summary:
A buffer overflow vulnerability in the D-Link DI-8100 POST parameter handler allows remote attackers to execute arbitrary code via the url_rule.asp function.
Executive Summary:
A critical buffer overflow vulnerability in D-Link DI-8100 routers poses a severe risk of remote code execution and full device compromise.
Vulnerability Details
CVE-ID: CVE-2026-7854
Affected Software: D-Link DI-8100
Affected Versions: 16.07.26A1
Vulnerability: The vulnerability exists within the
url_rule_aspfunction of the/url_rule.aspcomponent. An unauthenticated remote attacker can trigger a buffer overflow by sending a maliciously crafted POST request to the device.Business Impact
With a CVSS score of 9.8, this vulnerability represents a critical threat to organizational infrastructure. Successful exploitation grants an attacker full control over the affected gateway, potentially enabling lateral movement, traffic interception, and the complete compromise of internal network security.
Remediation Plan
Immediate Action: Update the firmware of the D-Link DI-8100 device to the latest version provided by the manufacturer.
Proactive Monitoring: Inspect network traffic for anomalous POST requests directed at the
/url_rule.asppath and review device logs for signs of unauthorized configuration changes.Compensating Controls: Implement a Web Application Firewall (WAF) or ingress filtering to block malicious POST payloads targeting the vulnerable URL until firmware can be applied.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of May 5, 2026, public exploits for this vulnerability are available and actively circulating. Given the critical severity and ease of remote exploitation, immediate patching is required to prevent unauthorized access.
Analyst Recommendation
This vulnerability is critical and poses an immediate threat to the perimeter of any network utilizing the affected D-Link hardware. Administrators must prioritize the application of the vendor-supplied security update to neutralize the risk of remote code execution.