Dlink

Dir-816 Firmware

63 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2022-29326

Exploit
  • EPSS 1.5%
  • Veröffentlicht 10.05.2022 14:15:09
  • Zuletzt bearbeitet 21.11.2024 06:58:55

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter.

10

CVE-2022-29327

Exploit
  • EPSS 1.5%
  • Veröffentlicht 10.05.2022 14:15:09
  • Zuletzt bearbeitet 21.11.2024 06:58:55

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel.

9.8

CVE-2021-31326

Exploit
  • EPSS 1.66%
  • Veröffentlicht 24.03.2022 00:15:08
  • Zuletzt bearbeitet 21.11.2024 06:05:26

D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi.

9.8

CVE-2021-39510

Exploit
  • EPSS 6.5%
  • Veröffentlicht 24.08.2021 19:15:33
  • Zuletzt bearbeitet 21.11.2024 06:19:34

An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. Th...

9.8

CVE-2021-39509

Exploit
  • EPSS 16.34%
  • Veröffentlicht 24.08.2021 19:15:32
  • Zuletzt bearbeitet 21.11.2024 06:19:34

An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This ...

9.8

CVE-2021-27114

Exploit
  • EPSS 1.36%
  • Veröffentlicht 14.04.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:57:22

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the"'s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the retu...

10

CVE-2021-27113

Exploit
  • EPSS 28.61%
  • Veröffentlicht 14.04.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:57:21

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters...

10

CVE-2021-26810

Exploit
  • EPSS 31.8%
  • Veröffentlicht 30.03.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:56:51

D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell me...

7.5

CVE-2019-7642

Exploit
  • EPSS 10.87%
  • Veröffentlicht 25.03.2019 22:29:00
  • Zuletzt bearbeitet 21.11.2024 04:48:27

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions...

9.8

CVE-2019-10039

Exploit
  • EPSS 1.21%
  • Veröffentlicht 25.03.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:18:15

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication.