These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A high-severity vulnerability, CVE-2026-12174, has been detected in D-Link DCS-935L 1.10.01. The issue affects the snprintf function in the /web/cgi-bin/greece/rhea file of the HTTP Handler component. This vulnerability is caused by manipulation of the 'data' argument, leading to a format string vulnerability. The attack can be launched remotely, and the exploit has been publicly disclosed.
A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. It affects unknown processing of the file /etc/boa.conf in the Web Interface component. Manipulation leads to a least privilege violation. The attack may be launched remotely, requires a high level of complexity, and its exploitability is assessed as difficult.
CVE-2026-11497 is a medium severity vulnerability in D-Link DCS-5615 1.01.00. The vulnerability affects an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver, allowing for least privilege violation. The attack can be executed remotely and has been disclosed to the public.
A security flaw has been discovered in D-Link DIR-823G 1.0.2B05, specifically in the vsftpd component. This flaw leads to a least privilege violation and can be exploited remotely. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 2.1, indicating a low severity.
A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. Manipulation of the argument IMEI_value causes OS command injection. The attack can be initiated remotely.
A command injection vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
A low-severity vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. The function sub_41C8E8 of the file /boafrm/formSmsManage is affected, allowing for command injection through manipulation of the argument action_value. The attack can be carried out remotely.
A stack-based buffer overflow vulnerability exists in the D-Link DI-7001 MINI router firmware up to version 19.09.19A1. The vulnerability is located in the `sprintf` function within the `/httpd_debug.asp` file, a component of the device's API. Manipulation of the `Time` argument can trigger the overflow condition. The attack vector is network-based and the exploit has been publicly disclosed, increasing t [truncated]
CVE-2018-25358 documents an unauthenticated credential disclosure vulnerability in D-Link DIR-601 firmware version 2.02NA. The flaw resides in the /my_cgi.cgi endpoint, which accepts a table_name parameter that can be manipulated to extract sensitive configuration data without authentication. Affected parameters include admin_user, wireless_settings, and wireless_security, which return administrative cred [truncated]
CVE-2026-6947 is a HIGH severity (CVSS 8.7) authentication bypass vulnerability in the DWM-222W USB Wi-Fi Adapter developed by D-Link. The vulnerability allows unauthenticated adjacent network attackers to bypass brute-force protection mechanisms, enabling unlimited login attempts to gain unauthorized control over the device. The weakness is categorized as CWE-307 (Improper Restriction of Excessive Authen [truncated]
CVE-2025-29635 is a D-Link DIR-823X command injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2026-04-24. Because it is listed in KEV, defenders should treat it as a high-priority remediation item and follow vendor mitigation guidance or discontinue use of the product if mitigations are unavailable.
CVE-2022-37055 is a D-Link router buffer overflow issue that CISA added to its Known Exploited Vulnerabilities catalog on 2025-12-08. That placement means the issue is considered actively exploited in the wild, so remediation should be treated as urgent. The supplied corpus does not include affected model details or exploit conditions, so validation should come from D-Link and the official CVE/NVD records.
CVE-2022-40799 is a D-Link DNR-322L vulnerability that CISA has placed in the Known Exploited Vulnerabilities catalog. For defenders, the main takeaway is operational: treat any exposed DNR-322L deployment as urgent to assess, mitigate, or retire. The source corpus does not provide a CVSS score or detailed exploit mechanics, so the safest response is to follow vendor guidance, apply any available mitigati [truncated]
CISA added CVE-2020-25079 to the Known Exploited Vulnerabilities catalog on 2025-08-05 for D-Link DCS-2530L and DCS-2670L devices. The listed vulnerability is a command injection issue, and CISA directs organizations to apply vendor mitigations or discontinue use if mitigations are unavailable.
CVE-2020-25078 affects D-Link DCS-2530L and DCS-2670L devices and is described in the supplied corpus only as an unspecified vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-08-05, with a remediation due date of 2025-08-26. Because it is KEV-listed, defenders should treat it as a priority exposure even though the public description here does not provide deeper technical detail.
CVE-2013-10050 is a high-severity OS command injection vulnerability affecting multiple D-Link routers, specifically confirmed on DIR-300 revision A with firmware version 1.05 and DIR-615 revision D with firmware version 4.13. The vulnerability resides in the authenticated tools_vct.xgi CGI endpoint, where the pingIp parameter fails to properly sanitize user-supplied input. Attackers with valid credential [truncated]
CVE-2024-0769 is a path traversal vulnerability affecting the D-Link DIR-859 Router and is listed by CISA in the Known Exploited Vulnerabilities catalog. That KEV listing means CISA considers it actively exploited in the wild. Organizations that still use this model should treat it as a high-priority remediation item and follow the vendor’s guidance referenced by CISA.
CVE-2023-25280 is an OS command injection vulnerability affecting the D-Link DIR-820 Router. CISA added it to the Known Exploited Vulnerabilities catalog, and the supplied KEV metadata says the product is end-of-life/end-of-service, so the practical response is to retire it rather than wait for a patch.
CVE-2021-40655 is an information disclosure vulnerability associated with the D-Link DIR-605 router family. CISA added it to the Known Exploited Vulnerabilities catalog on 2024-05-16, and CISA’s guidance says the affected hardware revisions are end-of-life or end-of-service and should be retired and replaced. For organizations that still have DIR-605 devices in service, this is a priority asset-removal an [truncated]
CVE-2014-100005 is a cross-site request forgery vulnerability affecting the D-Link DIR-600 router and is included in CISA's Known Exploited Vulnerabilities catalog. CISA notes that associated hardware revisions have reached end-of-life or end-of-service and should be retired and replaced per vendor instructions.
CVE-2024-3273 is a command injection vulnerability affecting D-Link multiple NAS devices. CISA added the issue to its Known Exploited Vulnerabilities catalog on 2024-04-11, which indicates active exploitation concern. The source guidance is especially important for defenders because the affected hardware revisions are described as legacy products that have reached end-of-life or end-of-service status, wit [truncated]
CVE-2024-3272 is a hard-coded credentials vulnerability affecting D-Link Multiple NAS Devices. CISA added it to the Known Exploited Vulnerabilities catalog on 2024-04-11, which signals known exploitation risk. The KEV notice states the affected hardware revisions are legacy D-Link products that have reached end-of-life or end-of-service and should be retired and replaced per vendor instructions.
CVE-2016-20017 is a command injection vulnerability affecting D-Link DSL-2750B devices and is listed by CISA in the Known Exploited Vulnerabilities catalog. Because it is identified as known exploited, defenders should treat exposure as urgent and follow vendor mitigation guidance or discontinue use if mitigations are not available.
CVE-2019-20500 is a command injection vulnerability affecting the D-Link DWL-2600AP Access Point. CISA added it to the Known Exploited Vulnerabilities catalog on 2023-06-29, which means it should be treated as actively exploited or confirmed exploitable in the wild. The source corpus does not provide a CVSS score, so defenders should rely on exploitation status and asset exposure when prioritizing respons [truncated]
CISA’s Known Exploited Vulnerabilities catalog lists CVE-2019-17621 as a command execution vulnerability affecting the D-Link DIR-859 Router. Because it is on the KEV list, defenders should treat it as urgent and follow vendor remediation guidance. If a fix is not available for the affected deployment, CISA advises discontinuing use of the product.
CVE-2022-26258 is a remote code execution vulnerability affecting the D-Link DIR-820L. CISA has added it to the Known Exploited Vulnerabilities catalog, and the KEV entry says the impacted product is end-of-life and should be disconnected if still in use.
CVE-2018-6530 is a D-Link multiple-routers OS command injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2022-09-08. CISA also notes vendor guidance stating that the fix under CVE-2018-20114 properly patches this KEV entry. Because CISA lists known ransomware campaign use, affected D-Link routers should be prioritized for vendor-recommended remediation or removal fro [truncated]
CVE-2011-4723 is a D-Link DIR-300 router issue described as cleartext storage of a password. It is also listed in CISA’s Known Exploited Vulnerabilities catalog, which makes it a defensive priority even though the supplied corpus does not provide deeper technical detail. CISA’s guidance in the KEV entry says the impacted product is end-of-life and should be disconnected if still in use.
CVE-2019-16057 is a remote code execution vulnerability affecting the D-Link DNS-320 storage device. CISA added it to the Known Exploited Vulnerabilities catalog, indicating active exploitation risk, and the KEV entry also notes known ransomware campaign use. Because the impacted product is end-of-life, CISA’s guidance is to disconnect it if it is still in use.
CVE-2021-45382 is a remote code execution vulnerability affecting D-Link Multiple Routers. It was added to CISA’s Known Exploited Vulnerabilities catalog on 2022-04-04, which means defenders should treat it as actively exploited or at least a priority for urgent remediation. CISA’s guidance for the impacted product is especially direct: the device family is end-of-life and should be disconnected if still in use.
CVE-2020-9377 is a D-Link DIR-610 device remote command execution issue that CISA lists in its Known Exploited Vulnerabilities catalog. The CISA entry identifies the impacted product as end-of-life and states that it should be disconnected if still in use. For defenders, this is an urgent exposure-management item rather than a routine patch cycle update.
CVE-2019-16920 is a D-Link Multiple Routers command injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2022-03-25. Because it is on the KEV list, organizations should treat it as actively exploited or at least high-risk in the wild and prioritize remediation. CISA’s stated guidance for the impacted product is that it is end-of-life and should be disconnected if still in use.
CVE-2016-11021 is a D-Link DCS-930L device vulnerability described in official records as an OS command injection issue. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on 2022-03-25, which means it is treated as actively exploited in the wild. The KEV entry also states that the impacted product is end-of-life and should be disconnected if still in use.
CVE-2013-5223 is a cross-site scripting issue affecting the D-Link DSL-2760U gateway and is included in CISA's Known Exploited Vulnerabilities catalog. For defenders, the practical takeaway is straightforward: treat this as an active remediation item, confirm whether any DSL-2760U devices are in use, and apply vendor updates as directed. The supplied corpus does not include a CVSS score, so prioritization [truncated]
CVE-2015-2051 is a D-Link DIR-645 Router remote code execution vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2022-02-10. The impacted product is end-of-life, and CISA’s stated action is to disconnect it if it is still in use. In the supplied official record set, the safest remediation path is removal and replacement rather than relying on a patch.
CVE-2020-29557 is a buffer overflow vulnerability affecting D-Link DIR-825 R1 devices. The most important risk signal in the supplied corpus is that CISA has included this CVE in the Known Exploited Vulnerabilities catalog, which means it should be treated as an actively exploited issue and prioritized for remediation. The available record does not provide technical exploitation details, a CVSS score, or [truncated]
CVE-2020-25506 is a command injection vulnerability affecting the D-Link DNS-320 device. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on 2021-11-03, which is a strong signal that the issue has been exploited in the wild. The supplied sources do not provide deeper technical detail, but the KEV listing means this should be treated as a high-priority remediation item for any organizatio [truncated]
CVE-2017-5633 is a HIGH-severity CSRF issue in the D-Link DI-524 Wireless Router firmware 9.01. According to NVD, crafted requests to CGI programs can let an attacker trigger admin-password changes, device reboots, and possibly other unspecified effects.