dlink security advisories

20 threat alerts tracking vulnerabilities and security advisories that affect dlink products.

Vulnios monitors dlink CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent dlink security news in one place, or click into an individual alert for full detail.

Critical Vulnerability: CVE-2026-42376 — dlink — dir-456u_firmware, dir-456u
D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks"
criticalCVE-2026-42376
Critical Vulnerability: CVE-2026-7854 — dlink — di-8100_firmware, di-8100
A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler.
criticalCVE-2026-7854
Critical Vulnerability: CVE-2026-7853 — dlink — di-8100_firmware, di-8100
A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time
criticalCVE-2026-7853
Critical Vulnerability: CVE-2026-42375 — dlink — dir-600l_firmware, dir-600l
D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static
criticalCVE-2026-42375
Critical Vulnerability: CVE-2026-42373 — dlink — dir-605l_firmware, dir-605l
D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the st
criticalCVE-2026-42373
Critical Vulnerability: CVE-2026-42374 — dlink — dir-600l_firmware, dir-600l
D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static
criticalCVE-2026-42374
Critical Vulnerability: CVE-2026-7248 — dlink — di-8100_firmware, di-8100
A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer
criticalCVE-2026-7248
Critical Vulnerability: CVE-2017-15909 — dlink — dgs-1500_firmware, dgs-1500
D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access.
criticalCVE-2017-15909
Critical Vulnerability: CVE-2017-14421 — dlink — dir-850l_firmware, dir-850l
D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attack
criticalCVE-2017-14421
Critical Vulnerability: CVE-2017-14429 — dlink — dir-850l_firmware, dir-850l
The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root becau
criticalCVE-2017-14429
Critical Vulnerability: CVE-2017-14417 — dlink — dir-850l_firmware, dir-850l
register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.
criticalCVE-2017-14417
Critical Vulnerability: CVE-2017-12943 — dlink — dir-600_b1_firmware, dir-600_b1
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the a
criticalCVE-2017-12943
Critical Vulnerability: CVE-2017-11436 — dlink — dir-615
D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection.
criticalCVE-2017-11436
Critical Vulnerability: CVE-2017-7405 — dlink — dir-615
On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an atta
criticalCVE-2017-7405
Critical Vulnerability: CVE-2017-7406 — dlink — dir-615
The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor net
criticalCVE-2017-7406
Critical Vulnerability: CVE-2016-1558 — dlink — dap-3662_firmware, dap-3662
Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier,
criticalCVE-2016-1558
Critical Vulnerability: CVE-2017-6205 — dlink — websmart_dgs-1510_series_firmware, websmart_dgs-1510-20
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Co
criticalCVE-2017-6205
Critical Vulnerability: CVE-2016-10177 — dlink — dwr-932b_firmware, dwr-932b
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234.
criticalCVE-2016-10177
Critical Vulnerability: CVE-2016-10182 — dlink — dwr-932b_firmware, dwr-932b
An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters.
criticalCVE-2016-10182
Critical Vulnerability: CVE-2016-10178 — dlink — dwr-932b_firmware, dwr-932b
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.
criticalCVE-2016-10178

Track dlink exposure across your environment

Vulnios automatically cross-references your asset inventory against new dlink CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.

Start a free scan

dlink security advisories

Critical Vulnerability: CVE-2026-42376 — dlink — dir-456u_firmware, dir-456u

Critical Vulnerability: CVE-2026-7854 — dlink — di-8100_firmware, di-8100

Critical Vulnerability: CVE-2026-7853 — dlink — di-8100_firmware, di-8100

Critical Vulnerability: CVE-2026-42375 — dlink — dir-600l_firmware, dir-600l

Critical Vulnerability: CVE-2026-42373 — dlink — dir-605l_firmware, dir-605l

Critical Vulnerability: CVE-2026-42374 — dlink — dir-600l_firmware, dir-600l

Critical Vulnerability: CVE-2026-7248 — dlink — di-8100_firmware, di-8100

Critical Vulnerability: CVE-2017-15909 — dlink — dgs-1500_firmware, dgs-1500

Critical Vulnerability: CVE-2017-14421 — dlink — dir-850l_firmware, dir-850l

Critical Vulnerability: CVE-2017-14429 — dlink — dir-850l_firmware, dir-850l

Critical Vulnerability: CVE-2017-14417 — dlink — dir-850l_firmware, dir-850l

Critical Vulnerability: CVE-2017-12943 — dlink — dir-600_b1_firmware, dir-600_b1

Critical Vulnerability: CVE-2017-11436 — dlink — dir-615

Critical Vulnerability: CVE-2017-7405 — dlink — dir-615

Critical Vulnerability: CVE-2017-7406 — dlink — dir-615

Critical Vulnerability: CVE-2016-1558 — dlink — dap-3662_firmware, dap-3662

Critical Vulnerability: CVE-2017-6205 — dlink — websmart_dgs-1510_series_firmware, websmart_dgs-1510-20

Critical Vulnerability: CVE-2016-10177 — dlink — dwr-932b_firmware, dwr-932b

Critical Vulnerability: CVE-2016-10182 — dlink — dwr-932b_firmware, dwr-932b

Critical Vulnerability: CVE-2016-10178 — dlink — dwr-932b_firmware, dwr-932b

Track dlink exposure across your environment