Filtered by vendor Dlink Subscriptions
Filtered by product Dir-816 Firmware Subscriptions
Total 37 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-39637 2 D-link, Dlink 3 Dir-816 A2, Dir-816, Dir-816 Firmware 2024-09-26 9.8 Critical
D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.
CVE-2019-10042 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-04 N/A
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication.
CVE-2019-10041 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-04 N/A
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication.
CVE-2019-10040 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-04 N/A
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication.
CVE-2019-10039 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-04 N/A
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication.
CVE-2019-7642 1 Dlink 10 Dir-816, Dir-816 Firmware, Dir-816l and 7 more 2024-08-04 7.5 High
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).
CVE-2021-39510 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-04 9.8 Critical
An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters.
CVE-2021-39509 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-04 9.8 Critical
An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters.
CVE-2021-31326 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-03 9.8 Critical
D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi.
CVE-2021-27114 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-03 9.8 Critical
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the"'s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address.
CVE-2021-27113 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-03 9.8 Critical
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters.
CVE-2021-26810 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-03 9.8 Critical
D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser parameter.
CVE-2022-42999 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-03 7.5 High
D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm.
CVE-2022-43002 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-03 9.8 Critical
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54.
CVE-2022-43001 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-03 9.8 Critical
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function.
CVE-2022-43003 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-03 9.8 Critical
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function.
CVE-2022-43000 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-03 9.8 Critical
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4.
CVE-2022-42998 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-03 9.8 Critical
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd.
CVE-2022-37125 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-03 9.8 Critical
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost.
CVE-2022-37129 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-08-03 8.8 High
D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection.