D-Link DAP-1520 Firmware vulnerabilities
5 known vulnerabilities affecting dlink/dap-1520_firmware.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2025-4355 | HIGH | CVSS 8.7 | CWE-119 | v1.10b04 | 2025-05-06
A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been classified as critical. This affects the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-4354 | HIGH | CVSS 8.7 | CWE-119 | v1.10b04 | 2025-05-06
A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and classified as critical. Affected by this issue is the function check_dws_cookie of the file /storage. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-4356 | HIGH | CVSS 8.7 | CWE-119 | v1.10b04 | 2025-05-06
A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been declared as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the p
nvd
CVE-2024-36831 | MEDIUM | CVSS 5.3 | CWE-476 | v1.10b04 | 2024-12-17
A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication.
nvd
CVE-2020-15892 | CRITICAL | CVSS 9.8 | CWE-669 | ≤ 1.10b04 | 2020-07-22
An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length of 15 characters. The problem is that validation is
nvd