Dlink Dir-880L Firmware vulnerabilities

CVE-2025-4341 [MEDIUM] CWE-74 CVE-2025-4341: A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Affected by this A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Affected by this vulnerability is the function sub_16570 of the file /htdocs/ssdpcgi of the component Request Header Handler. The manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack can be launched remotely. The

CVE-2020-29322 [HIGH] CWE-522 CVE-2020-29322: The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through de The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.

CVE-2019-20213 [HIGH] CWE-74 CVE-2019-20213: D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUT D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.

CVE-2019-17621 [CRITICAL] CWE-78 CVE-2019-17621: The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.

CVE-2017-14948 [CRITICAL] CWE-120 CVE-2017-14948: Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTEN

CVE-2018-20675 [CRITICAL] CWE-287 CVE-2018-20675: D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B0 D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass.

CVE-2018-20674 [HIGH] CVE-2018-20674: D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B0 D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution.

CVE-2018-6530 [CRITICAL] CWE-78 CVE-2018-6530: OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_ OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to