This page lists publicly disclosed CVE vulnerabilities affecting dlink dsp-w215_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2014-125117 | A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unauthenticated attacker to achieve remote code execution with system-level privileges. | [email protected] | 9.3 | 5.03% | 2025-07-25 | 2026-06-16 |
| CVE-2025-34125 | An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying Linux operating system. Successful exploitation enables full system compromise. | [email protected] | 9.3 | 3.13% | 2025-07-16 | 2026-06-17 |
| CVE-2021-29295 | Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. It could be triggered by sending an HTTP request without URL in the start line directly to the device. NOTE: The DSP-W215 and all hardware revisions is considered End of Life and as such this issue will not be patched | [email protected] | 7.5 | 1.13% | 2021-08-10 | 2026-06-16 |
| CVE-2020-13136 | D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. | [email protected] | 7.5 | 1.21% | 2020-05-18 | 2026-06-16 |
| CVE-2020-13135 | D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy. | [email protected] | 6.5 | 0.76% | 2020-05-18 | 2026-06-16 |
| CVE-2014-3936 | Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request. | [email protected] | 10.0 | 76.55% | 2014-06-02 | 2026-06-16 |