Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

D-link — Vulnerabilities & Security Advisories 779

Browse all 779 CVE security advisories affecting D-link. AI-powered Chinese analysis, POCs, and references for each vulnerability.

D-Link manufactures networking hardware, primarily consumer-grade routers and wireless access points, serving as a critical infrastructure component for home and small business internet connectivity. The company’s product line has historically been plagued by significant security deficiencies, resulting in 760 recorded Common Vulnerabilities and Exposures. These flaws frequently involve remote code execution, cross-site scripting, and privilege escalation, often stemming from hardcoded credentials or unpatched firmware updates. A notable incident occurred in 2017 when a critical vulnerability allowed attackers to gain administrative control over millions of devices, facilitating large-scale botnet recruitment. The persistent lack of timely security patches and weak default configurations have established a pattern of neglect, leaving users exposed to persistent threats. This track record highlights systemic issues in the development and maintenance lifecycle of D-Link’s network equipment, necessitating rigorous user-side security measures.

CVE IDTitleCVSSSeverityPublished
CVE-2026-15270 D-link DIR-823G Web boa.conf least privilege violation — DIR-823GCWE-272 7.5 High2026-07-09
CVE-2026-13545 D-Link DCS-935L POST Parameter setconf.cgi sub_400E40 os command injection — DCS-935LCWE-78 8.8 High2026-06-29
CVE-2026-12174 D-Link DCS-935L HTTP rhea snprintf format string — DCS-935LCWE-134 8.8 High2026-06-13
CVE-2026-11555 D-Link DGS-1100-08PD Web boa.conf least privilege violation — DGS-1100-08PDCWE-272 3.7 Low2026-06-08
CVE-2026-11497 D-Link DCS-5615 Boa Webserver boa.conf least privilege violation — DCS-5615CWE-272 5.3 Medium2026-06-08
CVE-2026-11492 D-Link DIR-823G vsftpd vsftpd.conf least privilege violation — DIR-823GCWE-272 4.3 Medium2026-06-08
CVE-2026-11341 D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection — DWR-M920CWE-78 6.3 Medium2026-06-05
CVE-2026-11339 D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection — DWR-M920CWE-77 6.3 Medium2026-06-05
CVE-2026-10878 D-Link DWR-M920 formSmsManage sub_41C8E8 command injection — DWR-M920CWE-77 6.3 Medium2026-06-05
CVE-2026-10270 D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow — DI-7001 MINICWE-121 8.8 High2026-06-01
CVE-2026-10206 D-Link DI-8400 dbsrv.asp stack-based overflow — DI-8400CWE-121 8.8 High2026-06-01
CVE-2018-25358 D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi — DIR-601CWE-497 7.5 High2026-05-23
CVE-2026-8346 D-Link DIR-816 portForward command injection — DIR-816CWE-77 6.3 Medium2026-05-11
CVE-2026-8345 D-Link DIR-816 singlePortForward sub_445E7C command injection — DIR-816CWE-77 6.3 Medium2026-05-11
CVE-2026-8344 D-Link DIR-816 formDMZ.cgi sub_445E7C command injection — DIR-816CWE-77 6.3 Medium2026-05-11
CVE-2026-8273 D-Link DNS-320 system_mgr.cgi cgi_merge_user os command injection — DNS-320CWE-78 4.7 Medium2026-05-11
CVE-2026-8272 D-Link DNS-320 webfile_mgr.cgi chown os command injection — DNS-320CWE-78 4.7 Medium2026-05-11
CVE-2026-8271 D-Link DNS-320 network_mgr.cgi cgi_upnp_edit os command injection — DNS-320CWE-78 4.7 Medium2026-05-11
CVE-2026-8260 D-Link DCS-935L HNAP Service hnap_service SetDeviceSettings buffer overflow — DCS-935LCWE-120 8.8 High2026-05-11
CVE-2026-7857 D-Link DI-8100 CGI user_group.asp sprintf buffer overflow — DI-8100CWE-120 7.2 High2026-05-05
CVE-2026-7856 D-Link DI-8100 Web Management url_member.asp buffer overflow — DI-8100CWE-120 7.2 High2026-05-05
CVE-2026-7855 D-Link DI-8100 HTTP Request tggl.asp tggl_asp buffer overflow — DI-8100CWE-120 8.8 High2026-05-05
CVE-2026-7854 D-Link DI-8100 POST Parameter url_rule.asp url_rule_asp buffer overflow — DI-8100CWE-120 9.8 Critical2026-05-05
CVE-2026-7853 D-Link DI-8100 HTTP auto_reboot.asp sprintf buffer overflow — DI-8100CWE-120 9.8 Critical2026-05-05
CVE-2026-7851 D-Link DI-8100 yyxz.asp sprintf stack-based overflow — DI-8100CWE-121 7.2 High2026-05-05
CVE-2026-42376 D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials — DIR-456U FirmwareCWE-798 9.8 Critical2026-05-04
CVE-2026-42375 D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials — DIR-600L FirmwareCWE-798 9.8 Critical2026-05-04
CVE-2026-42374 D-Link DIR-600L B1 Hardcoded Telnet Backdoor Credentials — DIR-600L FirmwareCWE-798 9.8 Critical2026-05-04
CVE-2026-42373 D-Link DIR-605L B2 Hardcoded Telnet Backdoor Credentials — DIR-605L FirmwareCWE-798 9.8 Critical2026-05-04
CVE-2026-42372 D-Link DIR-605L A1 Hardcoded Telnet Backdoor Credentials — DIR-605L FirmwareCWE-798 8.8 High2026-05-04

This page lists every published CVE security advisory associated with D-link. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.