D-Link DIR-620 Firmware vulnerabilities
3 known vulnerabilities affecting d-link/dir-620_firmware.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown
CRITICAL: 1, HIGH: 1, MEDIUM: 1
Vulnerabilities
CVE-2018-6213 | CRITICAL | CVSS 9.8 | CWE-798 | Exploited | v1.0.3, v1.0.37 +5 more | 2018-06-20
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.
nvd
CVE-2018-6211 | HIGH | CVSS 7.2 | CWE-78 | v1.0.3, v1.0.37 +5 more | 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.
nvd
CVE-2018-6212 | MEDIUM | CVSS 6.1 | CWE-79 | v1.0.3, v1.0.37 +5 more | 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of the XMLHttpRequest object.
nvd