This page lists publicly disclosed CVE vulnerabilities affecting dlink dir-412_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-25115 | Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root priv | [email protected] | 10.0 | 1.34% | 2025-08-27 | 2025-09-24 |
| CVE-2019-17512 | There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which could be used to erase attack traces. | [email protected] | 9.1 | 4.05% | 2019-10-16 | 2024-11-21 |
| CVE-2019-17511 | There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can get the router's log file via log_get.php, which could be used to discover the intranet network structure. | [email protected] | 7.5 | 4.37% | 2019-10-14 | 2024-11-21 |