1,769 CVEs

28 in CISA KEV

dlink Vulnerabilities

CVE security advisories and vulnerability history for dlink.

1,769

Total CVEs

Published

28

In CISA KEV

Exploited in the wild

915

Public exploits

With known exploit

8.0

Avg CVSS

2004–2026

Overview

dlink has 1,769 published CVE records since 2004, of which 28 are in CISA's Known Exploited Vulnerabilities catalog and 915 have a known public exploit. The average CVSS base score across scored CVEs is 8.0.

This page aggregates every publicly disclosed vulnerability (CVE) affecting dlink products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of dlink's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical188

High655

Medium312

Low7

607 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

28

28 of dlink's CVEs are confirmed exploited in the wild.

Public exploits

915

915 of dlink's CVEs have a known public exploit available.

Most affected products

The dlink products with the most published CVEs.

dir-816 firmware73 CVEs
dir-81673 CVEs
dir-619l firmware67 CVEs
DIR-605L67 CVEs
dir-605l firmware67 CVEs
dir-619l66 CVEs
dir-823g firmware62 CVEs
dir-823g61 CVEs

Common weakness types

The CWE weakness categories most often found in dlink CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish dlink CVE records.

Disclosure activity by year

How many dlink CVEs were published each year.

2019

119

2020

89

2021

85

2022

143

2023

188

2024

414

2025

329

2026

200

Latest dlink CVEs

The most recently disclosed vulnerabilities affecting dlink.

D-Link DIR-816 portForward command injection
CWE-74
Medium · CVSS 6.3
EPSS 0.1%2026-05-11
D-Link DIR-816 singlePortForward sub_445E7C command injection
CWE-74
Medium · CVSS 6.3
EPSS 0.1%2026-05-11
D-Link DIR-816 formDMZ.cgi sub_445E7C command injection
CWE-77
Medium · CVSS 6.3
EPSS 0.1%2026-05-11
D-Link DNS-320 system_mgr.cgi cgi_merge_user os command injection
CWE-77
Medium · CVSS 5.1
EPSS 0.1%2026-05-11
D-Link DNS-320 webfile_mgr.cgi chown os command injection
CWE-78
Medium · CVSS 5.1
EPSS 0.1%2026-05-11
D-Link DNS-320 network_mgr.cgi cgi_upnp_edit os command injection
CWE-78
Medium · CVSS 5.1
EPSS 0.1%2026-05-11
D-Link DCS-935L HNAP Service hnap_service SetDeviceSettings buffer overflow
CWE-119
High · CVSS 8.8
EPSS 0.0%2026-05-11
High vulnerability · 2026-05-11
CWE-77
High · CVSS 7.3
EPSS 5.7%2026-05-11
D-Link DI-8100 CGI user_group.asp sprintf buffer overflow
CWE-120
High · CVSS 8.6
EPSS 0.1%2026-05-05
D-Link DI-8100 Web Management url_member.asp buffer overflow
CWE-120
High · CVSS 8.6
EPSS 0.2%2026-05-05
D-Link DI-8100 HTTP Request tggl.asp tggl_asp buffer overflow
CWE-119
High · CVSS 8.8
EPSS 0.0%2026-05-05
D-Link DI-8100 POST Parameter url_rule.asp url_rule_asp buffer overflow
CWE-120
Critical · CVSS 9.8
EPSS 0.1%2026-05-05

Track new dlink CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor dlink CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

intel1,949 CVEs tenda1,923 CVEs Apache Software Foundation1,809 CVEs jenkins1,769 CVEs sun1,711 CVEs samsung1,607 CVEs sap1,586 CVEs Dell1,578 CVEs

Browse all vendors

Frequently asked questions

Common questions about dlink vulnerabilities.

How many CVEs does dlink have?

dlink has 1,769 published CVE records since 2004, including 529 in the last two years.

How many dlink CVEs are in CISA KEV?

Yes — 28 of dlink's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which dlink products have the most CVEs?

The dlink products with the most published CVEs are dir-816 firmware, dir-816, dir-619l firmware, DIR-605L, dir-605l firmware.

What are the most common weakness types in dlink CVEs?

dlink's CVEs most often map to these CWE weakness types: CWE-121 (Stack-based Buffer Overflow), CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')), CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')), CWE-120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')).

Are there public exploits for dlink vulnerabilities?

Yes — 915 of dlink's CVEs have a known public exploit.

How many critical dlink vulnerabilities are there?

dlink has 188 critical and 655 high-severity CVEs.

What is the average severity of dlink CVEs?

The average CVSS base score across dlink's scored CVEs is 8.0.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track dlink vulnerabilities

Monitor new dlink vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing