Dlink Dir-868l
23 CVEs affecting Dlink Dir-868l. Latest disclosed: 2026-03-03. Critical: 15, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-3485 | Critical | 9.8 | 2026-03-03 | A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes… |
CVE-2025-55583 | Critical | 9.8 | 2025-08-28 | D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The endp… |
CVE-2023-39668 | Critical | 9.8 | 2023-08-18 | D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the inet_ntoa() function. |
CVE-2023-39667 | Critical | 9.8 | 2023-08-18 | D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the FUN_0000acb4 function. |
CVE-2023-39665 | Critical | 9.8 | 2023-08-18 | D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the acStack_50 parameter. |
CVE-2023-29856 | Critical | 9.8 | 2023-05-02 | D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vulnerability is in scandir.sgi binary. |
CVE-2019-17621 | Critical | 9.8 | 2019-12-30 | The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands… |
CVE-2017-14948 | Critical | 9.8 | 2019-10-14 | Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote)… |
CVE-2019-16190 | Critical | 9.8 | 2019-09-09 | SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as… |
CVE-2018-19988 | Critical | 9.8 | 2019-05-13 | In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02… |
CVE-2018-19987 | Critical | 9.8 | 2019-05-13 | D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A… |
CVE-2016-6563 | Critical | 9.8 | 2018-07-13 | Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML f… |
CVE-2018-9284 | Critical | 9.8 | 2018-04-04 | authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code. |
CVE-2018-6530 | Critical | 9.8 | 2018-03-06 | OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L… |
CVE-2016-5681 | Critical | 9.8 | 2016-08-25 | Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before… |
CVE-2018-10957 | High | 8.8 | 2018-05-10 | CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected componen… |
CVE-2020-29321 | High | 7.5 | 2021-06-04 | The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated att… |
CVE-2019-20213 | High | 7.5 | 2020-01-02 | D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. |
CVE-2019-7642 | High | 7.5 | 2019-03-25 | D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and… |
CVE-2025-63932 | High | 7.3 | 2025-11-19 | D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin d… |