Dlink Dir-655 Firmware vulnerabilities

6 known vulnerabilities affecting dlink/dir-655_firmware.

Total CVEs: 6
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 2, MEDIUM 1

Vulnerabilities

CVE-2025-6158 | HIGH | CVSS 7.4 | v1.00 | 2025-06-17
[HIGH] CWE-119: A vulnerability classified as critical has been found in D-Link DIR-665 1.00. This affects the function sub_AC78 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects p
nvd
CVE-2019-16920 | CRITICAL | CVSS 9.8 | KEV | PoC | ≤ 3.02b05 | 2019-09-27
[CRITICAL] CWE-78: Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to command injection. An attacker who successfully triggers the command injection could achieve full system comp
nvd
CVE-2019-13561 | CRITICAL | CVSS 9.8 | v3.02b05 | 2019-07-11
[CRITICAL] CWE-78: D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter.
nvd
CVE-2019-13560 | CRITICAL | CVSS 9.8 | v3.02b05 | 2019-07-11
[CRITICAL] CWE-255: D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter.
nvd
CVE-2019-13563 | HIGH | CVSS 8.8 | v3.02b05 | 2019-07-11
[HIGH] CWE-352: D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console.
nvd
CVE-2019-13562 | MEDIUM | CVSS 6.1 | v3.02b05 | 2019-07-11
[MEDIUM] CWE-79: D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter.
nvd