Dlink Dir-820L Firmware vulnerabilities

CVE-2025-52079 [HIGH] CWE-284 CVE-2025-52079: The administrator password setting of the D-Link DIR-820L 1.06B02 is has Improper Access Control and The administrator password setting of the D-Link DIR-820L 1.06B02 is has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request to /get_set.ccp.

CVE-2024-51186 [HIGH] CWE-77 CVE-2024-51186: D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via th D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions.

CVE-2024-48150 [CRITICAL] CWE-120 CVE-2024-48150: D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function. D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function.

CVE-2023-44808 [CRITICAL] CWE-787 CVE-2023-44808: D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_4507CC function. D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_4507CC function.

CVE-2023-44809 [CRITICAL] CWE-269 CVE-2023-44809: D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions. D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions.

CVE-2023-44807 [CRITICAL] CWE-787 CVE-2023-44807: D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function. D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function.

CVE-2023-25280 [CRITICAL] CWE-78 CVE-2023-25280: OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privile OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.

CVE-2023-25281 [HIGH] CWE-787 CVE-2023-25281: A stack overflow vulnerability exists in pingV4Msg component in D-Link DIR820LA1_FW105B03, allows at A stack overflow vulnerability exists in pingV4Msg component in D-Link DIR820LA1_FW105B03, allows attackers to cause a denial of service via the nextPage parameter to ping.ccp.

CVE-2023-25282 [MEDIUM] CWE-787 CVE-2023-25282: A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of ser A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.log_to_syslog and log_opt_dropPackets parameters to mydlink_api.ccp.

CVE-2023-25279 [CRITICAL] CWE-78 CVE-2023-25279: OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privile OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload.

CVE-2023-25283 [HIGH] CWE-787 CVE-2023-25283: A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of se A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the reserveDHCP_HostName_1.1.1.0 parameter to lan.asp.

CVE-2022-34973 [HIGH] CWE-120 CVE-2022-34973: D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp.

CVE-2022-26258 [CRITICAL] CWE-78 CVE-2022-26258: D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via H D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.

CVE-2015-1187 [CRITICAL] CWE-287 CVE-2015-1187: The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary co The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.