Product:

Dir\-865l_firmware

(Dlink)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 16
Date Id Summary Products Score Patch Annotated
2020-09-19 CVE-2020-25786 webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header Dir\-645_firmware, Dir\-803_firmware, Dir\-815_firmware, Dir\-816l_firmware, Dir\-860l_firmware, Dir\-865l_firmware 6.1
2019-12-30 CVE-2019-17621 The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. Dir\-818lx_firmware, Dir\-822_firmware, Dir\-823_firmware, Dir\-859_firmware, Dir\-865l_firmware, Dir\-868l_firmware, Dir\-869_firmware, Dir\-880l_firmware, Dir\-885l_firmware, Dir\-885r_firmware, Dir\-890l_firmware, Dir\-890r_firmware, Dir\-895l_firmware, Dir\-895r_firmware 9.8
2018-03-06 CVE-2018-6527 XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. Dir\-860l_firmware, Dir\-865l_firmware, Dir\-868l_firmware 6.1
2018-03-06 CVE-2018-6528 XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. Dir\-860l_firmware, Dir\-865l_firmware, Dir\-868l_firmware 6.1
2018-03-06 CVE-2018-6529 XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. Dir\-860l_firmware, Dir\-865l_firmware, Dir\-868l_firmware 6.1
2018-03-06 CVE-2018-6530 OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. Dir\-860l_firmware, Dir\-865l_firmware, Dir\-868l_firmware, Dir\-880l_firmware 9.8
2020-01-02 CVE-2019-20213 D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. Dir\-818lx_firmware, Dir\-822_firmware, Dir\-823_firmware, Dir\-859_firmware, Dir\-865l_firmware, Dir\-868l_firmware, Dir\-869_firmware, Dir\-880l_firmware, Dir\-885l_firmware, Dir\-885r_firmware, Dir\-890l_firmware, Dir\-890r_firmware, Dir\-895l_firmware, Dir\-895r_firmware 7.5
2019-10-25 CVE-2013-4855 D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. Dir\-865l_firmware 8.8
2019-10-25 CVE-2013-4856 D-Link DIR-865L has Information Disclosure. Dir\-865l_firmware 6.5
2019-10-25 CVE-2013-4857 D-Link DIR-865L has PHP File Inclusion in the router xml file. Dir\-865l_firmware 9.8