Dlink Dir-868l Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Dlink Dir-868l Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2016-5681 — CVSS 9.8 (critical): Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03…
CVE-2016-6563 — CVSS 9.8 (critical): Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers…
CVE-2017-14948 — CVSS 9.8 (critical): Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute…
CVE-2019-16190 — CVSS 9.8 (critical): SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows…
CVE-2023-29856 — CVSS 9.8 (critical): D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vulnerability is in scandir.sgi binary.
CVE-2023-39665 — CVSS 9.8 (critical): D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the acStack_50 parameter.
CVE-2023-39667 — CVSS 9.8 (critical): D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the FUN_0000acb4…
CVE-2023-39668 — CVSS 9.8 (critical): D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the inet_ntoa()…
CVE-2025-55583 — CVSS 9.8 (critical): D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi…
CVE-2026-3485 — CVSS 9.8 (critical): A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of…
CVE-2018-10957 — CVSS 8.8 (high): CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of…
CVE-2019-20213 — CVSS 7.5 (high): D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as…
CVE-2019-7642 — CVSS 7.5 (high): D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain…
CVE-2020-29321 — CVSS 7.5 (high): The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an…
CVE-2025-63932 — CVSS 7.3 (high): D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service…
CVE-2018-6527 — CVSS 6.1 (medium): XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L…
CVE-2018-6528 — CVSS 6.1 (medium): XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L…
CVE-2018-6529 — CVSS 6.1 (medium): XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L…