Skip to main content
CVE-2026-4184 CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (version 1.10CNB05) that allows remote attackers to execute arbitrary code without authentication. A public proof-of-concept exploit is available on GitHub, making this vulnerability actively exploitable. However, D-Link no longer supports this product, meaning no patch will be released.

Buffer Overflow D-Link Stack Overflow Dir 816
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-4183 CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 router firmware version 1.10CNB05, affecting the wireless configuration interface (/goform/form2WlanBasicSetup.cgi). A publicly available proof-of-concept exploit exists, allowing remote attackers without authentication to achieve complete system compromise. The vulnerability affects end-of-life products no longer supported by D-Link, making patches unlikely.

Buffer Overflow D-Link Stack Overflow Dir 816
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-4182 CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (version 1.10CNB05) that allows remote attackers to achieve full system compromise without authentication. A public proof-of-concept exploit is available on GitHub, and the vulnerability affects end-of-life products no longer supported by D-Link, making this a high-risk issue for organizations still using these devices.

Buffer Overflow D-Link Stack Overflow Dir 816
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2016-20026 CRITICAL POC Act Now

Critical hardcoded credentials vulnerability in ZKTeco ZKBioSecurity 3.0's bundled Apache Tomcat server that allows unauthenticated remote attackers to upload malicious WAR files and execute arbitrary code with SYSTEM privileges. Multiple public exploits are available (Exploit-DB, Packet Storm), making this a high-risk vulnerability for organizations using this biometric security management software.

RCE Tomcat Apache Authentication Bypass
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2016-20030 CRITICAL POC Act Now

User enumeration vulnerability in ZKTeco ZKBioSecurity 3.0 that allows unauthenticated attackers to discover valid usernames through partial character submissions to the authentication endpoint. A public proof-of-concept exploit is available, making this vulnerability actively exploitable, though it has a notably high CVSS score of 9.8 that appears inflated given the actual impact is limited to information disclosure.

Information Disclosure Zkteco Zkbiosecurity
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2016-20024 CRITICAL POC Act Now

Critical insecure file permissions vulnerability in ZKTeco ZKTime.Net 3.0.1.6 that allows unprivileged local users to gain elevated privileges by replacing executable files in the world-writable application directory. Multiple public proof-of-concept exploits are available on Exploit-DB and PacketStorm, making this vulnerability easily exploitable despite requiring local access. While not listed in CISA KEV and lacking current EPSS data, the availability of working exploits and the simplicity of the attack make this a significant risk for organizations using this time and attendance software.

Privilege Escalation Zkteco Zktime Net
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy