Dlink Dir-882 Firmware vulnerabilities
31 known vulnerabilities affecting dlink/dir-882_firmware.
Total CVEs
31
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL10HIGH18MEDIUM3
Vulnerabilities
Page 1 of 2
CVE-2026-5844HIGHCVSS 7.3v1.01b022026-04-09
CVE-2026-5844 [HIGH] CWE-77 CVE-2026-5844: A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file pr
A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affec
nvd
CVE-2025-60698HIGHCVSS 7.3v1.02b022025-11-13
CVE-2025-60698 [HIGH] CWE-77 CVE-2025-60698: A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 wit
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_432F60` function in `prog.cgi` stores user-supplied `SetSysLogSettings/IPAddress` values in NVRAM via `nvram_safe_set("SysLogRemote_IPAddress", ...)`. These values are later retrieved in the `sub_448DCC` fun
nvd
CVE-2025-60697HIGHCVSS 7.3v1.02b022025-11-13
CVE-2025-60697 [HIGH] CWE-77 CVE-2025-60697: A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 wit
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_4438A4` function in `prog.cgi` stores user-supplied DDNS parameters (`ServerAddress` and `Hostname`) in NVRAM via `nvram_safe_set`. These values are later retrieved in the `start_DDNS_ipv4` function of `rc`
nvd
CVE-2025-60700MEDIUMCVSS 6.5v1.02b022025-11-13
CVE-2025-60700 [MEDIUM] CWE-77 CVE-2025-60700: A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 wit
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `librcm.so` binaries. The `sub_4455BC` function in `prog.cgi` stores user-supplied `SetDMZSettings/IPAddress` values in NVRAM via `nvram_safe_set("dmz_ipaddr", ...)`. These values are later retrieved in the `DMZ_run` function of
nvd
CVE-2025-60701MEDIUMCVSS 6.5v1.02b022025-11-13
CVE-2025-60701 [MEDIUM] CWE-77 CVE-2025-60701: A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 wit
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_433188` function in `prog.cgi` stores user-supplied email configuration parameters (`EmailFrom`, `EmailTo`, `SMTPServerAddress`, `SMTPServerPort`, `AccountName`) in NVRAM via `nvram_safe_set`. These values
nvd
CVE-2024-48630HIGHCVSS 8.0v1.30b062024-10-17
CVE-2024-48630 [HIGH] CWE-78 CVE-2024-48630: D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
nvd
CVE-2024-48638HIGHCVSS 8.0v1.30b062024-10-17
CVE-2024-48638 [HIGH] CWE-78 CVE-2024-48638: D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
nvd
CVE-2024-48631HIGHCVSS 8.0v1.30b062024-10-17
CVE-2024-48631 [HIGH] CWE-78 CVE-2024-48631: D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
nvd
CVE-2024-48636HIGHCVSS 8.0v1.30b062024-10-17
CVE-2024-48636 [HIGH] CWE-78 CVE-2024-48636: D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
nvd
CVE-2024-48635HIGHCVSS 8.0v1.30b062024-10-17
CVE-2024-48635 [HIGH] CWE-78 CVE-2024-48635: D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
nvd
CVE-2024-48637HIGHCVSS 8.0v1.30b062024-10-17
CVE-2024-48637 [HIGH] CWE-78 CVE-2024-48637: D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
nvd
CVE-2024-48629HIGHCVSS 8.0v1.30b062024-10-17
CVE-2024-48629 [HIGH] CWE-78 CVE-2024-48629: D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
nvd
CVE-2024-48632HIGHCVSS 8.0v1.30b062024-10-17
CVE-2024-48632 [HIGH] CWE-78 CVE-2024-48632: D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command inj
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
nvd
CVE-2024-48633HIGHCVSS 8.0v1.30b062024-10-17
CVE-2024-48633 [HIGH] CWE-78 CVE-2024-48633: D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command inj
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
nvd
CVE-2024-48634HIGHCVSS 8.0v1.30b062024-10-17
CVE-2024-48634 [HIGH] CWE-78 CVE-2024-48634: D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
nvd
CVE-2023-24330HIGHCVSS 8.8v1.30b062024-02-21
CVE-2023-24330 [HIGH] CWE-77 CVE-2023-24330: Command Injection vulnerability in D-Link Dir 882 with firmware version DIR882A1_FW130B06 allows att
Command Injection vulnerability in D-Link Dir 882 with firmware version DIR882A1_FW130B06 allows attackers to run arbitrary commands via crafted POST request to /HNAP1/.
nvd
CVE-2024-0717MEDIUMCVSS 5.3≤ 2024-01-122024-01-19
CVE-2024-0717 [MEDIUM] CWE-200 CVE-2024-0717: A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DI
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530,
nvd
CVE-2023-26925HIGHCVSS 7.5v1.302023-03-31
CVE-2023-26925 [HIGH] CVE-2023-26925: An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information.
nvd
CVE-2022-44804CRITICALCVSS 9.8v1.10b02v1.20b062022-11-22
CVE-2022-44804 [CRITICAL] CWE-787 CVE-2022-44804: D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function.
D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function.
nvd
CVE-2022-44807CRITICALCVSS 9.8v1.10b02v1.20b062022-11-22
CVE-2022-44807 [CRITICAL] CWE-787 CVE-2022-44807: D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString.
D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString.
nvd
1 / 2Next →