Dir-815 firmware

This hub aggregates every CVE we track for Dir-815 firmware, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Dir-815 firmware.

• CVE-2018-25115D-Link DIR-110/412/600/615/645/815 RCE via service.cgi9.8Aug 27, 2025
• CVE-2025-6328D-Link DIR-815 hedwig.cgi sub_403794 stack-based overflow8.8Jun 20, 2025
• CVE-2024-22651There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.9.8Jan 24, 2024
• CVE-2024-0717D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure5.3Jan 19, 2024
• CVE-2023-51123An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibi...9.8Jan 10, 2024
• CVE-2023-37758D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi.7.5Jul 18, 2023
• CVE-2020-25786webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported ...6.1Sep 19, 2020
• CVE-2018-10108D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php.6.1Apr 16, 2018
• CVE-2018-10107D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php.6.1Apr 16, 2018
• CVE-2018-10106D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg....9.8Apr 16, 2018
• CVE-2014-8888The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection i...9.8Apr 12, 2018
• CVE-2015-0153D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key.7.5Apr 12, 2018
• CVE-2015-0152D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password.9.8Apr 12, 2018
• CVE-2015-0151Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that ins...8.8Apr 12, 2018
• CVE-2015-0150The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors.9.8Apr 12, 2018