Dlink Dir-895L Firmware vulnerabilities

5 known vulnerabilities affecting dlink/dir-895l_firmware.

Total CVEs: 5
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 1

Vulnerabilities

CVE-2023-36091 | CRITICAL | CVSS 9.8 | v1.02 | 2023-07-31
CWE-863: Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Source: nvd

CVE-2019-20213 | HIGH | CVSS 7.5 | ≤ 1.12b10 | 2020-01-02
CWE-74: D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
Source: nvd

CVE-2019-17621 | CRITICAL | CVSS 9.8 | KEV | ≤ 1.12b10 | 2019-12-30
CWE-78: The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Source: nvd

CVE-2017-14948 | CRITICAL | CVSS 9.8 | v1.13b03 | 2019-10-14
CWE-120: Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileaccess.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTEN
Source: nvd

CVE-2019-16190 | CRITICAL | CVSS 9.8 | ≤ 1.21 | 2019-09-09
CWE-287: SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php.
Source: nvd
Dlink Dir-895L Firmware vulnerabilities | cvebase