Vulnerabilities in D-Link

778 results
Vexday analysis

With 777 CVEs catalogued and 57 that emerged in the last 90 days, D-Link's vulnerability portfolio shows a pace of discovery that requires continuous monitoring. The active exploitation rate is in line with the overall catalogue average, but the critical standout is CVE-2024-3273, which has the maximum EPSS of 1.0 (indicating an extremely high probability of active exploitation) and should be treated as an absolute mitigation priority. The presence of 80 CVEs with a public PoC, combined with 56 critical-severity flaws, significantly widens the attack surface available to malicious actors. The most frequent flaw type, CWE-121 (stack-based buffer overflow), is historically associated with remote code execution, which reinforces the urgency of applying patches and segmenting network-exposed D-Link devices.

CVE-2025-1104 | MEDIUM | D-Link DHP-W310AV authentication spoofing | EPSS 2.7%
CVE-2026-2169 | MEDIUM | D-Link DWR-M921 formLtefotaUpgradeFibocom command injection | EPSS 2.6%
CVE-2021-27248 | HIGH | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi | EPSS 2.6%
CVE-2026-1625 | MEDIUM | D-Link DWR-M961 SMS Message formSmsManage sub_4250E0 command injection | EPSS 2.6%
CVE-2026-1624 | MEDIUM | D-Link DWR-M961 formLtefotaUpgradeFibocom command injection | EPSS 2.6%
CVE-2020-27865 | HIGH | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version | EPSS 2.5%
CVE-2026-7067 | MEDIUM | D-Link DIR-822 udhcpd DHCP Service dhcpd.c system command injection | EPSS 2.5%
CVE-2024-4964 | MEDIUM | D-Link DAR-7000-40 urlblist.php unrestricted upload | EPSS 2.5%
CVE-2024-4962 | MEDIUM | D-Link DAR-7000-40 resmanage.php unrestricted upload | EPSS 2.5%
CVE-2024-9908 | MEDIUM | D-Link DIR-619L B1 formSetMACFilter buffer overflow | EPSS 2.5%
CVE-2023-35744 | HIGH | D-Link DAP-2622 DDP Configuration Restore Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability | EPSS 2.4%
CVE-2023-44414 | CRITICAL | D-Link D-View coreservice_action_script Exposed Dangerous Function Remote Code Execution Vulnerability | EPSS 2.4%
CVE-2023-44411 | CRITICAL | D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability | EPSS 2.4%
CVE-2023-6580 | HIGH | D-Link DIR-846 QoS POST deserialization | EPSS 2.3%
CVE-2025-4452 | HIGH | D-Link DIR-619L formSetWizard2 buffer overflow | EPSS 2.3%
CVE-2025-4449 | HIGH | D-Link DIR-619L formEasySetupWizard3 buffer overflow | EPSS 2.3%
CVE-2025-4451 | HIGH | D-Link DIR-619L formSetWAN_Wizard52 buffer overflow | EPSS 2.3%
CVE-2025-4450 | HIGH | D-Link DIR-619L formSetEasy_Wizard buffer overflow | EPSS 2.3%
CVE-2025-4448 | HIGH | D-Link DIR-619L formEasySetupWizard buffer overflow | EPSS 2.3%
CVE-2021-34830 | HIGH | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA rou | EPSS 2.3%