Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

D-Link — Vulnerabilities & Security Advisories 764

Browse all 764 CVE security advisories affecting D-Link. AI-powered Chinese analysis, POCs, and references for each vulnerability.

D-Link manufactures networking hardware, primarily consumer-grade routers and wireless access points, serving as a critical infrastructure component for home and small business internet connectivity. The company’s product line has historically been plagued by significant security deficiencies, resulting in 760 recorded Common Vulnerabilities and Exposures. These flaws frequently involve remote code execution, cross-site scripting, and privilege escalation, often stemming from hardcoded credentials or unpatched firmware updates. A notable incident occurred in 2017 when a critical vulnerability allowed attackers to gain administrative control over millions of devices, facilitating large-scale botnet recruitment. The persistent lack of timely security patches and weak default configurations have established a pattern of neglect, leaving users exposed to persistent threats. This track record highlights systemic issues in the development and maintenance lifecycle of D-Link’s network equipment, necessitating rigorous user-side security measures.

Top products by D-Link: DAP-2622 DNS-120 DAP-1325 DIR-605L DIR-823X DIR-X3260 DIR-619L DI-8100 G416 DWR-M960 DIR-619L B1 DIR-513 DIR-3040 DIR-2150 DIR-825 D-View DIR-1935 DAR-7000 DAP-1360 DIR-816 DI-7003GV2 DWR-M920 DIR-600L DIR-816 A2 DIR-2640 DNS-320 DIR-618 DSL6740C DAP-2020 DAP-2695
CVE IDTitleCVSSSeverityPublished
CVE-2026-2055 D-Link DIR-605L/DIR-619L DHCP Client Information information disclosure — DIR-605LCWE-200 5.3 Medium2026-02-06
CVE-2026-2054 D-Link DIR-605L/DIR-619L Wifi Setting information disclosure — DIR-605LCWE-200 5.3 Medium2026-02-06
CVE-2026-1744 D-Link DSL-6641K sp_pppoe_user.js doSubmitPPP cross site scripting — DSL-6641KCWE-79 2.4 Low2026-02-02
CVE-2026-1705 D-Link DSL-6641K Web ad_virtual_server_vdsl cross site scripting — DSL-6641KCWE-79 2.4 Low2026-01-30
CVE-2026-1685 D-Link DIR-823X Login sub_40AC74 excessive authentication — DIR-823XCWE-307 3.7 Low2026-01-30
CVE-2026-1625 D-Link DWR-M961 SMS Message formSmsManage sub_4250E0 command injection — DWR-M961CWE-77 6.3 Medium2026-01-29
CVE-2026-1624 D-Link DWR-M961 formLtefotaUpgradeFibocom command injection — DWR-M961CWE-77 6.3 Medium2026-01-29
CVE-2026-1596 D-Link DWR-M961 formLtefotaUpgradeQuectel sub_419920 command injection — DWR-M961CWE-77 6.3 Medium2026-01-29
CVE-2026-1544 D-Link DIR-823X set_mode sub_41E2A0 os command injection — DIR-823XCWE-78 6.3 Medium2026-01-28
CVE-2026-1532 D-Link DCS-700L Music File Upload Service setUploadMusic uploadmusic path traversal — DCS-700LCWE-22 2.4 Low2026-01-28
CVE-2026-1506 D-Link DIR-615 MAC Filter Configuration adv_mac_filter.php os command injection — DIR-615CWE-78 7.2 High2026-01-28
CVE-2026-1505 D-Link DIR-615 URL Filter set_temp_nodes.php os command injection — DIR-615CWE-78 7.2 High2026-01-28
CVE-2026-1448 D-Link DIR-615 Web Management wiz_policy_3_machine.php os command injection — DIR-615CWE-78 7.2 High2026-01-26
CVE-2026-1419 D-Link DCS700l Web Form setDayNightMode command injection — DCS700lCWE-77 4.7 Medium2026-01-26
CVE-2026-23754 D-Link D-View 8 IDOR Allows Credential Disclosure and Account Takeover — D-View 8CWE-639 8.8AIHighAI2026-01-21
CVE-2026-23755 D-Link D-View 8 Installer DLL Preloading via Uncontrolled Search Path — D-View 8CWE-427 7.8AIHighAI2026-01-21
CVE-2026-1125 D-Link DIR-823X set_wifidog_settings sub_412E7C command injection — DIR-823XCWE-77 7.3 High2026-01-18
CVE-2026-0732 D-Link DI-8200G upgrade_filter.asp command injection — DI-8200GCWE-77 6.3 Medium2026-01-08
CVE-2026-0625 D-Link DSL/DIR/DNS Command Injection via DNS Configuration Endpoint — DSL-2640BCWE-306 9.8 -2026-01-05
CVE-2025-15391 D-Link DIR-806A SSDP Request ssdpcgi_main command injection — DIR-806ACWE-77 6.3 Medium2025-12-31
CVE-2025-15357 D-Link DI-7400G+ msp_info.htm command injection — DI-7400G+CWE-77 6.3 Medium2025-12-30
CVE-2025-15245 D-Link DCS-850L Firmware Update Service uploadfirmware path traversal — DCS-850LCWE-22 3.5 Low2025-12-30
CVE-2025-15194 D-Link DIR-600 HTTP Header hedwig.cgi stack-based overflow — DIR-600CWE-121 9.8 Critical2025-12-29
CVE-2025-15193 D-Link DWR-M920 formParentControl sub_423848 buffer overflow — DWR-M920CWE-120 8.8 High2025-12-29
CVE-2025-15192 D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection — DWR-M920CWE-77 6.3 Medium2025-12-29
CVE-2025-15191 D-Link DWR-M920 formLtefotaUpgradeFibocom sub_4155B4 command injection — DWR-M920CWE-77 6.3 Medium2025-12-29
CVE-2025-15190 D-Link DWR-M920 formFilter sub_42261C stack-based overflow — DWR-M920CWE-121 8.8 High2025-12-29
CVE-2025-15189 D-Link DWR-M920 formDefRoute sub_464794 buffer overflow — DWR-M920CWE-120 8.8 High2025-12-29
CVE-2023-53974 D-Link DSL-124 ME_1.00 Backup Configuration File Disclosure via Unauthenticated Request — DSL-124 Wireless N300 ADSL2+CWE-306 7.5 High2025-12-22
CVE-2025-14884 D-Link DIR-605 Firmware Update Service command injection — DIR-605CWE-77 7.2 High2025-12-18

This page lists every published CVE security advisory associated with D-Link. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.