CVE-2019-19742
- EPSS 4.59%
- Veröffentlicht 18.12.2019 13:15:11
- Zuletzt bearbeitet 21.11.2024 04:35:17
On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.
CVE-2019-17353
- EPSS 0.48%
- Veröffentlicht 09.10.2019 12:15:10
- Zuletzt bearbeitet 21.11.2024 04:32:09
An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modif...
- EPSS 94.38%
- Veröffentlicht 27.09.2019 12:15:10
- Zuletzt bearbeitet 07.11.2025 19:37:32
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common i...
CVE-2018-15839
- EPSS 69.66%
- Veröffentlicht 28.08.2018 17:29:01
- Zuletzt bearbeitet 21.11.2024 03:51:32
D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.
CVE-2018-15875
- EPSS 0.3%
- Veröffentlicht 25.08.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:37
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.
CVE-2018-15874
- EPSS 0.3%
- Veröffentlicht 25.08.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:37
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.
- EPSS 93.99%
- Veröffentlicht 01.05.2015 15:59:01
- Zuletzt bearbeitet 22.10.2025 00:15:39
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.