D-Link — Vulnerabilities & Security Advisories 764

Browse all 764 CVE security advisories affecting D-Link. AI-powered Chinese analysis, POCs, and references for each vulnerability.

D-Link manufactures networking hardware, primarily consumer-grade routers and wireless access points, serving as a critical infrastructure component for home and small business internet connectivity. The company’s product line has historically been plagued by significant security deficiencies, resulting in 760 recorded Common Vulnerabilities and Exposures. These flaws frequently involve remote code execution, cross-site scripting, and privilege escalation, often stemming from hardcoded credentials or unpatched firmware updates. A notable incident occurred in 2017 when a critical vulnerability allowed attackers to gain administrative control over millions of devices, facilitating large-scale botnet recruitment. The persistent lack of timely security patches and weak default configurations have established a pattern of neglect, leaving users exposed to persistent threats. This track record highlights systemic issues in the development and maintenance lifecycle of D-Link’s network equipment, necessitating rigorous user-side security measures.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-7829 | D-Link DNS-1550-04 photocenter_mgr.cgi cgi_del_photo buffer overflow — DNS-120 (CWE-120) | 8.8 | High | 2024-08-15 |
| CVE-2024-7828 | D-Link DNS-1550-04 photocenter_mgr.cgi cgi_set_cover buffer overflow — DNS-120 (CWE-120) | 8.8 | High | 2024-08-15 |
| CVE-2024-7715 | D-Link DNS-1550-04 photocenter_mgr.cgi sprintf command injection — DNS-120 (CWE-77) | 6.3 | Medium | 2024-08-13 |
| CVE-2024-7436 | D-Link DI-8100 msp_info.htm msp_info_htm command injection — DI-8100 (CWE-77) | 6.3 | Medium | 2024-08-03 |
| CVE-2024-7357 | D-Link DIR-600 soap.cgi soapcgi_main os command injection — DIR-600 (CWE-78) | 6.3 | Medium | 2024-08-01 |
| CVE-2024-38438 | D-Link - CWE-294: Authentication Bypass by Capture-replay — DSL-225 (CWE-294) | 9.8 | Critical | 2024-07-21 |
| CVE-2024-38437 | D-Link - CWE-288: Authentication Bypass Using an Alternate Path or Channel — DSL-225 (CWE-288) | 9.8 | Critical | 2024-07-21 |
| CVE-2024-6525 | D-Link DAR-7000 decodmail.php deserialization — DAR-7000 (CWE-502) | 2.7 | Low | 2024-07-05 |
| CVE-2024-6045 | D-Link router - Hidden Backdoor — G403 (CWE-912) | 8.8 | High | 2024-06-17 |
| CVE-2024-6044 | D-Link router - Arbitrary File Reading — G403 (CWE-22) | 6.5 | Medium | 2024-06-17 |
| CVE-2024-5299 | D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability — D-View (CWE-749) | 8.8 (AI) | High (AI) | 2024-05-23 |
| CVE-2024-5298 | D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability — D-View (CWE-749) | 8.8 (AI) | High (AI) | 2024-05-23 |
| CVE-2024-5297 | D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability — D-View (CWE-78) | 8.8 (AI) | High (AI) | 2024-05-23 |
| CVE-2024-5296 | D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability — D-View (CWE-321) | 9.8 (AI) | Critical (AI) | 2024-05-23 |
| CVE-2024-5295 | D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability — G416 (CWE-78) | 8.8 (AI) | High (AI) | 2024-05-23 |
| CVE-2024-5294 | D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability — DIR-3040 (CWE-401) | 6.5 (AI) | Medium (AI) | 2024-05-23 |
| CVE-2024-5293 | D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability — DIR-2640 (CWE-121) | 8.8 (AI) | High (AI) | 2024-05-23 |
| CVE-2024-5292 | D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability — Network Assistant (CWE-427) | 7.8 (AI) | High (AI) | 2024-05-23 |
| CVE-2024-5291 | D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability — DIR-2150 (CWE-78) | 8.8 (AI) | High (AI) | 2024-05-23 |
| CVE-2024-4965 | D-Link DAR-7000-40 resmanage.php os command injection — DAR-7000-40 (CWE-78) | 6.3 | Medium | 2024-05-16 |
| CVE-2024-4964 | D-Link DAR-7000-40 urlblist.php unrestricted upload — DAR-7000-40 (CWE-434) | 6.3 | Medium | 2024-05-16 |
| CVE-2024-4963 | D-Link DAR-7000-40 url.php unrestricted upload — DAR-7000-40 (CWE-434) | 6.3 | Medium | 2024-05-16 |
| CVE-2024-4962 | D-Link DAR-7000-40 resmanage.php unrestricted upload — DAR-7000-40 (CWE-434) | 6.3 | Medium | 2024-05-16 |
| CVE-2024-4961 | D-Link DAR-7000-40 onlineuser.php unrestricted upload — DAR-7000-40 (CWE-434) | 6.3 | Medium | 2024-05-16 |
| CVE-2024-4960 | D-Link DAR-7000-40 licenseauthorization.php unrestricted upload — DAR-7000-40 (CWE-434) | 6.3 | Medium | 2024-05-16 |
| CVE-2024-4699 | D-Link DAR-8000-10 importhtml.php deserialization — DAR-8000-10 (CWE-502) | 6.3 | Medium | 2024-05-10 |
| CVE-2023-37325 | D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability — DAP-2622 (CWE-306) | 8.1 (AI) | High (AI) | 2024-05-07 |
| CVE-2023-35749 | D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability — DAP-2622 (CWE-121) | 8.8 (AI) | High (AI) | 2024-05-07 |
| CVE-2023-35757 | D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability — DAP-2622 (CWE-121) | 8.8 (AI) | High (AI) | 2024-05-07 |
| CVE-2023-35748 | D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability — DAP-2622 (CWE-121) | 8.8 (AI) | High (AI) | 2024-05-07 |

This page lists every published CVE security advisory associated with D-Link. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.