CVE-2025-9727
- EPSS 0.13%
- Published 31.08.2025 11:32:06
- Last modified 01.10.2025 20:42:08
A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. Manipulation of the argument service causes OS command injection. Remote exploitation of the attack is possible....
CVE-2025-7836
- EPSS 0.1%
- Published 19.07.2025 16:44:06
- Last modified 03.10.2025 18:38:18
A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads...
CVE-2025-46176
- EPSS 0.05%
- Published 23.05.2025 00:00:00
- Last modified 03.06.2025 15:47:26
Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis.
CVE-2022-28955
- EPSS 92.06%
- Published 18.05.2022 12:15:08
- Last modified 21.11.2024 06:58:14
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.
CVE-2022-28956
- EPSS 40.91%
- Published 18.05.2022 12:15:08
- Last modified 21.11.2024 06:58:14
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.
CVE-2020-25786
- EPSS 0.68%
- Published 19.09.2020 20:15:11
- Last modified 21.11.2024 05:18:46
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploi...
CVE-2020-15893
- EPSS 84.78%
- Published 22.07.2020 19:15:12
- Last modified 21.11.2024 05:06:23
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the ...
CVE-2020-15894
- EPSS 1.69%
- Published 22.07.2020 19:15:12
- Last modified 21.11.2024 05:06:23
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive in...
CVE-2020-15895
- EPSS 41.5%
- Published 22.07.2020 19:15:12
- Last modified 21.11.2024 05:06:23
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before it is printed on the webpage.
CVE-2019-7642
- EPSS 10.87%
- Published 25.03.2019 22:29:00
- Last modified 21.11.2024 04:48:27
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions...