Filtered by vendor Dlink
Subscriptions
Filtered by product Dir-860l Firmware
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25786 | 1 Dlink | 12 Dir-645, Dir-645 Firmware, Dir-803 and 9 more | 2024-05-17 | 6.1 Medium |
| webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header | ||||
| CVE-2018-6530 | 1 Dlink | 8 Dir-860l, Dir-860l Firmware, Dir-865l and 5 more | 2023-11-08 | 9.8 Critical |
| OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. | ||||
| CVE-2018-6529 | 1 Dlink | 6 Dir-860l, Dir-860l Firmware, Dir-865l and 3 more | 2023-11-08 | 6.1 Medium |
| XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. | ||||
| CVE-2018-6528 | 1 Dlink | 6 Dir-860l, Dir-860l Firmware, Dir-865l and 3 more | 2023-11-08 | 6.1 Medium |
| XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. | ||||
| CVE-2018-6527 | 1 Dlink | 6 Dir-860l, Dir-860l Firmware, Dir-865l and 3 more | 2023-11-08 | 6.1 Medium |
| XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. | ||||
| CVE-2018-20114 | 1 Dlink | 4 Dir-818lw, Dir-818lw Firmware, Dir-860l and 1 more | 2021-04-23 | 9.8 Critical |
| On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530. | ||||
Page 1 of 1.