dlink dsp-w215_firmware CVE Vulnerabilities (6)

CVEs: 6 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting dlink dsp-w215_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 16 of 6 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2014-125117 A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unauthenticated attacker to achieve remote code execution with system-level privileges. [email protected] 9.3 5.03% 2025-07-25 2026-06-16
CVE-2025-34125 An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying Linux operating system. Successful exploitation enables full system compromise. [email protected] 9.3 3.13% 2025-07-16 2026-06-17
CVE-2021-29295 Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. It could be triggered by sending an HTTP request without URL in the start line directly to the device. NOTE: The DSP-W215 and all hardware revisions is considered End of Life and as such this issue will not be patched [email protected] 7.5 1.13% 2021-08-10 2026-06-16
CVE-2020-13136 D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. [email protected] 7.5 1.21% 2020-05-18 2026-06-16
CVE-2020-13135 D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy. [email protected] 6.5 0.76% 2020-05-18 2026-06-16
CVE-2014-3936 Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request. [email protected] 10.0 76.55% 2014-06-02 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence