Dlink

Dir-816 Firmware

63 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2019-10042

Exploit
  • EPSS 0.66%
  • Published 25.03.2019 19:29:01
  • Last modified 21.11.2024 04:18:16

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication.

9.8

CVE-2019-10041

Exploit
  • EPSS 0.77%
  • Published 25.03.2019 19:29:01
  • Last modified 21.11.2024 04:18:15

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication.

10

CVE-2019-10040

Exploit
  • EPSS 1.09%
  • Published 25.03.2019 19:29:01
  • Last modified 21.11.2024 04:18:15

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication.