CVE-2021-41441
A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router
CVSS
7.4
High
EPSS
1.6%
p73
KEV
—
Exploit Today
22
0-100
Published: Feb 9, 2022 · Last modified: Jul 9, 2026 · CWE-404
1.6%EPSS · 30 days2.2%
2026-06-302026-07-16
A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. The authenticated victim need to visit this URL, for the router to reboot.
- supportannouncement.us.dlink.comhttps://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10283
- www.dlink.comhttps://www.dlink.com/en/security-bulletin/
- supportannouncement.us.dlink.comhttps://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10283
- www.dlink.comhttps://www.dlink.com/en/security-bulletin/
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2020-288747.5 HIG81.8%
——25reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).8dCVE-2025-97847.5 HIG80.2%
——24A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).17dCVE-2022-351916.5 MED55.6%
——17D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request.8dCVE-2024-338447.5 HIG41.2%
——12The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.8dCVE-2026-146234.3 MED40.8%
——12A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called 34bc6724acc97dba1f8691e586da95b042cb612d. A patch should be applied to remediate this issue.10dCVE-2026-156903.1 LOW34.0%
——10A vulnerability was identified in open62541 up to 1.5.5. Affected by this issue is the function responseReadNamespacesArray of the file src/client/ua_client_connect.c of the component Shared Client Library. Such manipulation of the argument Server_NamespaceArray leads to null pointer dereference. The attack can be executed remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit is publicly available and might be used. The project closed the issue report, stating that this is not the official way to report a security vulnerability.3d