Dlink Dir-845l Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Dlink Dir-845l Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2022-36755 — CVSS 9.8 (critical): D-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php.
CVE-2022-38557 — CVSS 9.8 (critical): D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh.
CVE-2024-33110 — CVSS 9.1 (critical): D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component.
CVE-2024-29385 — CVSS 9.0 (critical): DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function.
CVE-2024-29366 — CVSS 8.8 (high): A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03.
CVE-2024-33112 — CVSS 7.5 (high): D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func.
CVE-2024-33111 — CVSS 5.4 (medium): D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php.