D-Link DIR-2150 vulnerabilities

17 known vulnerabilities affecting d-link/dir-2150.

Total CVEs: 17
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 16, MEDIUM 1

Vulnerabilities

CVE-2024-5291 | HIGH | CVSS 8.8 | v1.06B01 | 2024-05-23
CWE-78: D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API interface, which li
Sources: cvelistv5, nvd
CVE-2023-34275 | HIGH | CVSS 8.0 | v1.05B01 | 2024-05-03
CWE-78: D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp
Sources: cvelistv5, nvd
CVE-2023-34276 | HIGH | CVSS 8.0 | v1.05B01 | 2024-05-03
CWE-78: D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypas
Sources: cvelistv5, nvd
CVE-2023-34279 | HIGH | CVSS 8.8 | v1.05B01 | 2024-05-03
CWE-78: D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API interface, which
Sources: cvelistv5, nvd
CVE-2023-34274 | HIGH | CVSS 8.8 | v1.05B01 | 2024-05-03
CWE-303: D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SO
Sources: cvelistv5, nvd
CVE-2023-34278 | HIGH | CVSS 8.0 | v1.05B01 | 2024-05-03
CWE-78: D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed
Sources: cvelistv5, nvd
CVE-2023-34277 | HIGH | CVSS 8.0 | v1.05B01 | 2024-05-03
CWE-78: D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass
Sources: cvelistv5, nvd
CVE-2023-34280 | HIGH | CVSS 8.0 | v1.05B01 | 2024-05-03
CWE-78: D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
Sources: cvelistv5, nvd
CVE-2023-34281 | HIGH | CVSS 8.0 | v1.05B01 | 2024-05-03
CWE-78: D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. Th
Sources: cvelistv5, nvd
CVE-2023-44415 | HIGH | CVSS 8.0 | D-Link DIR-1260 version 1.02B06 Hotfix, D-Link DIR-2150 version 1.02 | 2024-05-03
CWE-78: D-Link Multiple Routers cli Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1260 and DIR-2150 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on
Sources: cvelistv5, nvd
CVE-2023-34282 | HIGH | CVSS 8.8 | v1.05B01 | 2024-05-03
CWE-303: D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API in
Sources: cvelistv5, nvd
CVE-2024-0717 | MEDIUM | CVSS 5.3 | v20240112 | 2024-01-19
CWE-200: A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530,
Sources: cvelistv5, nvd
CVE-2022-3210 | HIGH | CVSS 8.8 | v4.0.1 | 2023-03-29
CWE-78: This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of
Sources: cvelistv5, nvd
CVE-2022-40717 | HIGH | CVSS 8.8 | v4.0.1 | 2023-01-26
CWE-121: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length o
Sources: cvelistv5, nvd
CVE-2022-40719 | HIGH | CVSS 8.8 | v4.0.1 | 2023-01-26
CWE-78: This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd_generic.lua plugin for the xupnpd service, which listens on TCP port 4044 by default. When parsing the fee
Sources: cvelistv5, nvd
CVE-2022-40718 | HIGH | CVSS 8.8 | v4.0.1 | 2023-01-26
CWE-121: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length o
Sources: cvelistv5, nvd
CVE-2022-40720 | HIGH | CVSS 8.8 | v4.0.1 | 2023-01-26
CWE-78: This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lac
Sources: cvelistv5, nvd