Filtered by vendor Dlink Subscriptions
Filtered by product Dir-816 Firmware Subscriptions
Total 37 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-31326 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-07-12 9.8 Critical
D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi.
CVE-2022-29327 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-05-16 9.8 Critical
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel.
CVE-2022-29326 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-05-16 9.8 Critical
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter.
CVE-2022-29325 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-05-16 9.8 Critical
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter.
CVE-2022-29324 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-05-16 9.8 Critical
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd.
CVE-2022-29323 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-05-16 9.8 Critical
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment.
CVE-2022-29322 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-05-16 9.8 Critical
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip.
CVE-2022-29321 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-05-16 9.8 Critical
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan.
CVE-2021-39509 1 Dlink 2 Dir-816, Dir-816 Firmware 2021-09-01 9.8 Critical
An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters.
CVE-2021-39510 1 Dlink 2 Dir-816, Dir-816 Firmware 2021-09-01 9.8 Critical
An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters.
CVE-2019-7642 1 Dlink 10 Dir-816, Dir-816 Firmware, Dir-816l and 7 more 2021-04-23 7.5 High
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).
CVE-2021-27113 1 Dlink 2 Dir-816, Dir-816 Firmware 2021-04-20 9.8 Critical
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters.
CVE-2021-27114 1 Dlink 2 Dir-816, Dir-816 Firmware 2021-04-20 9.8 Critical
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the"'s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address.
CVE-2019-10040 1 Dlink 2 Dir-816, Dir-816 Firmware 2020-08-24 N/A
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication.
CVE-2019-10042 1 Dlink 2 Dir-816, Dir-816 Firmware 2020-08-24 N/A
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication.
CVE-2019-10041 1 Dlink 2 Dir-816, Dir-816 Firmware 2020-08-24 N/A
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication.
CVE-2019-10039 1 Dlink 2 Dir-816, Dir-816 Firmware 2020-08-24 N/A
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication.