Currently exploited vulnerabilities

CVE ID	CVSS3.1	Exploitable	Vendor	Product	Vulnerability	Date added
CVE-2022-37055	9.8	True	D-Link	Routers	D-Link Routers Buffer Overflow Vulnerability	2025-12-08 00:00:00
CVE-2022-40799	8.8	True	D-Link	DNR-322L	D-Link DNR-322L Download of Code Without Integrity Check Vulnerability	2025-08-05 00:00:00
CVE-2020-25079	8.8	True	D-Link	DCS-2530L and DCS-2670L Devices	D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability	2025-08-05 00:00:00
CVE-2020-25078	7.5	True	D-Link	DCS-2530L and DCS-2670L Devices	D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability	2025-08-05 00:00:00
CVE-2024-0769	5.3	True	D-Link	DIR-859 Router	D-Link DIR-859 Router Path Traversal Vulnerability	2025-06-25 00:00:00
CVE-2023-25280	9.8	True	D-Link	DIR-820 Router	D-Link DIR-820 Router OS Command Injection Vulnerability	2024-09-30 00:00:00
CVE-2014-100005	8.0	True	D-Link	DIR-600 Router	D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability	2024-05-16 00:00:00
CVE-2021-40655	7.5	True	D-Link	DIR-605 Router	D-Link DIR-605 Router Information Disclosure Vulnerability	2024-05-16 00:00:00
CVE-2024-3272	10.0	True	D-Link	Multiple NAS Devices	D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability	2024-04-11 00:00:00
CVE-2024-3273	7.5	True	D-Link	Multiple NAS Devices	D-Link Multiple NAS Devices Command Injection Vulnerability	2024-04-11 00:00:00
CVE-2016-20017	9.8	True	D-Link	DSL-2750B Devices	D-Link DSL-2750B Devices Command Injection Vulnerability	2024-01-08 00:00:00
CVE-2019-20500	7.8	True	D-Link	DWL-2600AP Access Point	D-Link DWL-2600AP Access Point Command Injection Vulnerability	2023-06-29 00:00:00
CVE-2019-17621	9.8	True	D-Link	DIR-859 Router	D-Link DIR-859 Router Command Execution Vulnerability	2023-06-29 00:00:00
CVE-2011-4723	5.7	True	D-Link	DIR-300 Router	D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability	2022-09-08 00:00:00
CVE-2018-6530	9.8	True	D-Link	Multiple Routers	D-Link Multiple Routers OS Command Injection Vulnerability	2022-09-08 00:00:00
CVE-2022-26258	9.8	True	D-Link	DIR-820L	D-Link DIR-820L Remote Code Execution Vulnerability	2022-09-08 00:00:00
CVE-2019-16057	9.8	True	D-Link	DNS-320 Storage Device	D-Link DNS-320 Remote Code Execution Vulnerability	2022-04-15 00:00:00
CVE-2021-45382	9.8	True	D-Link	Multiple Routers	D-Link Multiple Routers Remote Code Execution Vulnerability	2022-04-04 00:00:00
CVE-2013-5223	5.4	True	D-Link	DSL-2760U	D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability	2022-03-25 00:00:00
CVE-2016-11021	7.2	True	D-Link	DCS-930L Devices	D-Link DCS-930L Devices OS Command Injection Vulnerability	2022-03-25 00:00:00
CVE-2019-16920	9.8	True	D-Link	Multiple Routers	D-Link Multiple Routers Command Injection Vulnerability	2022-03-25 00:00:00
CVE-2020-9377	8.8	True	D-Link	DIR-610 Devices	D-Link DIR-610 Devices Remote Command Execution	2022-03-25 00:00:00
CVE-2015-2051	8.8	True	D-Link	DIR-645 Router	D-Link DIR-645 Router Remote Code Execution Vulnerability	2022-02-10 00:00:00
CVE-2020-25506	9.8	True	D-Link	DNS-320 Device	D-Link DNS-320 Device Command Injection Vulnerability	2021-11-03 00:00:00
CVE-2020-29557	9.8	True	D-Link	DIR-825 R1 Devices	D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability	2021-11-03 00:00:00

AVET INS is an owner of VULNDBASE brand and website. This product uses data from the NVD API but is not endorsed or certified by the NVD. See NVD page for more information. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE page. KEV (Known Exploited Vulnerabilities) is a catalog maintained by CISA. EUVD is the official EU repository for timely, curated cybersecurity vulnerability intelligence and remediation guidance run by ENISA. DORA (Digital Operational Resilience Act) is and EU directive.