Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dir\-825_firmware
(Dlink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 11 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-08-10 | CVE-2021-29296 | Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched | Dir\-825_firmware | 7.5 | ||
| 2019-09-27 | CVE-2019-16920 | Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825. | Dap\-1533_firmware, Dhp\-1565_firmware, Dir\-615_firmware, Dir\-652_firmware, Dir\-655_firmware, Dir\-825_firmware, Dir\-835_firmware, Dir\-855l_firmware, Dir\-862l_firmware, Dir\-866l_firmware | 9.8 | ||
| 2024-01-19 | CVE-2024-0717 | A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W,... | Dap\-1360_firmware, Dir\-1210_firmware, Dir\-1260_firmware, Dir\-2150_firmware, Dir\-300_firmware, Dir\-615_firmware, Dir\-615gf_firmware, Dir\-615s_firmware, Dir\-615t_firmware, Dir\-620_firmware, Dir\-620s_firmware, Dir\-806a_firmware, Dir\-815\/ac_firmware, Dir\-815_firmware, Dir\-815s_firmware, Dir\-816_firmware, Dir\-820_firmware, Dir\-822_firmware, Dir\-825_firmware, Dir\-825ac_firmware, Dir\-825acf_firmware, Dir\-825acg1_firmware, Dir\-841_firmware, Dir\-842_firmware, Dir\-842s_firmware, Dir\-843_firmware, Dir\-853_firmware, Dir\-878_firmware, Dir\-882_firmware, Dir\-X1530_firmware, Dir\-X1860_firmware, Dsl\-224_firmware, Dsl\-245gr_firmware, Dsl\-2640u_firmware, Dsl\-2750u_firmware, Dsl\-G2452gr_firmware, Dvg\-5402g\/gfru_firmware, Dvg\-5402g_firmware, Dvg\-N5402g\/il_firmware, Dvg\-N5402g_firmware, Dwm\-312w_firmware, Dwm\-321_firmware, Dwr\-921_firmware, Dwr\-953_firmware | 5.3 | ||
| 2023-01-31 | CVE-2022-47035 | Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint. | Dir\-825_firmware | 9.8 | ||
| 2022-05-17 | CVE-2022-29332 | D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server. | Dir\-825_firmware | 6.5 | ||
| 2022-04-27 | CVE-2021-46442 | In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization. | Dir\-825_firmware | 9.8 | ||
| 2022-04-27 | CVE-2021-46441 | In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization. | Dir\-825_firmware | 8.8 | ||
| 2020-03-07 | CVE-2020-10216 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | Dir\-825_firmware, Tew\-632brp_firmware | N/A | ||
| 2020-03-07 | CVE-2020-10215 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | Dir\-825_firmware, Tew\-632brp_firmware | N/A | ||
| 2020-03-07 | CVE-2020-10214 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server. | Dir\-825_firmware | N/A |