Dlink

Dir-816l Firmware

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-9727

Exploit
  • EPSS 0.13%
  • Veröffentlicht 31.08.2025 11:32:06
  • Zuletzt bearbeitet 01.10.2025 20:42:08

A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible....

8.8

CVE-2025-7836

Exploit
  • EPSS 0.1%
  • Veröffentlicht 19.07.2025 16:44:06
  • Zuletzt bearbeitet 03.10.2025 18:38:18

A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads...

6.5

CVE-2025-46176

  • EPSS 0.05%
  • Veröffentlicht 23.05.2025 00:00:00
  • Zuletzt bearbeitet 03.06.2025 15:47:26

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis.

7.5

CVE-2022-28955

Exploit
  • EPSS 92.06%
  • Veröffentlicht 18.05.2022 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:58:14

An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.

9.8

CVE-2022-28956

Exploit
  • EPSS 40.91%
  • Veröffentlicht 18.05.2022 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:58:14

An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.

6.1

CVE-2020-25786

Exploit
  • EPSS 0.68%
  • Veröffentlicht 19.09.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 05:18:46

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploi...

9.8

CVE-2020-15893

Exploit
  • EPSS 84.78%
  • Veröffentlicht 22.07.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:06:23

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the ...

7.5

CVE-2020-15894

  • EPSS 1.69%
  • Veröffentlicht 22.07.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:06:23

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive in...

6.1

CVE-2020-15895

Exploit
  • EPSS 41.5%
  • Veröffentlicht 22.07.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:06:23

An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.

7.5

CVE-2019-7642

Exploit
  • EPSS 10.87%
  • Veröffentlicht 25.03.2019 22:29:00
  • Zuletzt bearbeitet 21.11.2024 04:48:27

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions...