Dlink CVEs & Vulnerabilities

148 CVEs affecting Dlink products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

dir-513 33dir-513 firmware 33di-8003 firmware 28di-8003 28dns-320 25dns-320 firmware 25dns-1100-4 firmware 22dns-726-4 firmware 22
CVE-2026-3978HIGH

A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.

12 Mar 2026
8.8
CVSS
CVE-2025-70244HIGH

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanSetup.

11 Mar 2026
7.5
CVSS
CVE-2025-70251HIGH

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanGuestSetup.

10 Mar 2026
7.5
CVSS
CVE-2025-70249HIGH

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard2.

10 Mar 2026
7.5
CVSS
CVE-2025-70247HIGH

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard1.

10 Mar 2026
7.5
CVSS
CVE-2025-70246HIGH

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formVirtualServ.

10 Mar 2026
7.5
CVSS
CVE-2025-70242HIGH

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formSetWanPPTP.

10 Mar 2026
7.5
CVSS
CVE-2025-70227HIGH

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the nextPage parameter to goform/formLanguageChange.

10 Mar 2026
7.5
CVSS
CVE-2025-70250HIGH

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup.

9 Mar 2026
7.5
CVSS
CVE-2025-70243HIGH

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534.

9 Mar 2026
7.5
CVSS
CVE-2025-70238HIGH

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52.

9 Mar 2026
7.5
CVSS
CVE-2025-70233CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard.

5 Mar 2026
9.8
CVSS
CVE-2025-70232CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter.

5 Mar 2026
9.8
CVSS
CVE-2025-70231CRITICAL

D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability.

5 Mar 2026
9.8
CVSS
CVE-2025-70230CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS.

5 Mar 2026
9.8
CVSS
CVE-2025-70229CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule.

5 Mar 2026
9.8
CVSS
CVE-2025-70222CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode.

5 Mar 2026
9.8
CVSS
CVE-2025-70225CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfig component

5 Mar 2026
9.8
CVSS
CVE-2025-70221CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin.

5 Mar 2026
9.8
CVSS
CVE-2025-46108CRITICAL

D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup.

5 Mar 2026
9.8
CVSS
CVE-2025-70219CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot.

4 Mar 2026
9.8
CVSS
CVE-2025-70226CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard.

4 Mar 2026
9.8
CVSS
CVE-2025-70223CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork.

4 Mar 2026
9.8
CVSS
CVE-2025-70220CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4.

4 Mar 2026
9.8
CVSS
CVE-2025-70218CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component.

4 Mar 2026
9.8
CVSS
CVE-2026-3485CRITICAL

A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

4 Mar 2026
9.8
CVSS
CVE-2025-70240CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51.

4 Mar 2026
9.8
CVSS
CVE-2025-70239CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55.

4 Mar 2026
9.8
CVSS
CVE-2025-70234CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS.

4 Mar 2026
9.8
CVSS
CVE-2025-70241CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5.

3 Mar 2026
9.8
CVSS
CVE-2025-70237CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr.

3 Mar 2026
9.8
CVSS
CVE-2025-70236CRITICAL

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter.

3 Mar 2026
9.8
CVSS
CVE-2026-2962HIGH

A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_460F30 of the file /boafrm/formDateReboot of the component Scheduled Reboot Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.

23 Feb 2026
8.8
CVSS
CVE-2026-2961HIGHpoc

A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

23 Feb 2026
8.8
CVSS
CVE-2026-2960HIGHpoc

A flaw has been found in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_468D64 of the file /boafrm/formDhcpv6s. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.

23 Feb 2026
8.8
CVSS
CVE-2026-2959HIGHpoc

A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.

23 Feb 2026
8.8
CVSS
CVE-2026-2958HIGHpoc

A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulation of the argument save_apply leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

23 Feb 2026
8.8
CVSS
CVE-2026-2929HIGHpoc

A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_453140 of the file /boafrm/formWlAc of the component Wireless Access Control Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

22 Feb 2026
8.8
CVSS
CVE-2026-2928HIGH

A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_452CCC of the file /boafrm/formWlEncrypt of the component WLAN Encryption Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.

22 Feb 2026
8.8
CVSS
CVE-2026-2927HIGHpoc

A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_462590 of the file /boafrm/formOpMode of the component Operation Mode Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

22 Feb 2026
8.8
CVSS
CVE-2026-2926HIGHpoc

A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.

22 Feb 2026
8.8
CVSS
CVE-2026-2925HIGH

A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

22 Feb 2026
8.8
CVSS
CVE-2026-2885HIGHpoc

A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

22 Feb 2026
8.8
CVSS
CVE-2026-2884HIGHpoc

A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element is the function sub_41914C of the file /boafrm/formWanConfigSetup of the component WAN Interface Setting Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

22 Feb 2026
8.8
CVSS
CVE-2026-2883HIGH

A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_427D74 of the file /boafrm/formIpQoS. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

21 Feb 2026
8.8
CVSS
CVE-2026-2882HIGHpoc

A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_46385C of the file /boafrm/formDosCfg. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

21 Feb 2026
8.8
CVSS
CVE-2026-2881HIGHpoc

A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_425FF8 of the file /boafrm/formFirewallAdv of the component Advanced Firewall Configuration Endpoint. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

21 Feb 2026
8.8
CVSS
CVE-2026-2857HIGHpoc

A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

21 Feb 2026
8.8
CVSS