Skip to main content

Dir 816 Firmware

62 CVEs product

Monthly

CVE-2025-60679 HIGH POC This Week

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-45931 CRITICAL POC Act Now

An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file

RCE Command Injection Dir 816 Firmware D-Link
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2025-5630 CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the /goform/form2lansetup.cgi endpoint. An unauthenticated remote attacker can exploit this vulnerability by manipulating the 'ip' parameter to achieve complete system compromise including data exfiltration, integrity violation, and denial of service. The vulnerability has public exploit code available and affects end-of-life products no longer receiving vendor support.

Buffer Overflow D-Link RCE Dir 816 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-5624 CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the QoSPortSetup function. An unauthenticated remote attacker can exploit this vulnerability by manipulating port0_group, port0_remarker, ssid0_group, or ssid0_remarker parameters to achieve arbitrary code execution, complete system compromise (confidentiality, integrity, availability), and full device takeover. Public exploit code has been disclosed, increasing real-world exploitation risk significantly.

Buffer Overflow D-Link Dir 816 Firmware RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-5623 CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 1.10CNB05 affecting the qosClassifier function's dip_address/sip_address parameters. This unauthenticated, remotely exploitable flaw allows attackers to achieve complete system compromise (confidentiality, integrity, and availability impact). The vulnerability affects end-of-life products no longer receiving vendor support, with public exploit disclosure and confirmed proof-of-concept availability increasing real-world exploitation risk.

Buffer Overflow D-Link RCE Dir 816 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-5622 CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 wireless router (version 1.10CNB05) affecting the 5GHz wireless configuration interface. An unauthenticated remote attacker can exploit improper input validation in the wirelessApcli_5g function to achieve complete system compromise including arbitrary code execution, data theft, and service disruption. Public exploit code exists and the affected product line is end-of-life, creating significant risk for unpatched deployments.

Buffer Overflow D-Link Stack Overflow RCE Dir 816 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-5621 HIGH POC This Week

A command injection vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.

Command Injection D-Link RCE Dir 816 Firmware
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
1.0%
CVE-2025-5620 HIGH POC This Week

A critical remote code execution vulnerability exists in D-Link DIR-816 firmware version 1.10CNB05, allowing unauthenticated attackers to execute arbitrary OS commands via the /goform/setipsec_config endpoint by manipulating localIP or remoteIP parameters. The vulnerability has a publicly disclosed proof-of-concept exploit and affects end-of-life hardware no longer receiving security updates from D-Link, creating significant risk for deployed instances.

Command Injection D-Link RCE Ipsec Dir 816 Firmware
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
1.0%
CVE-2025-29743 MEDIUM POC This Month

D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
9.0%
CVE-2025-1392 MEDIUM This Month

A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link XSS Dir 816 Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
2.4%
CVE-2024-57684 CRITICAL This Week

An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Privilege Escalation Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2024-57683 MEDIUM Monitor

An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the filter settings of the device via a crafted POST. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-57682 MEDIUM This Month

An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Information Disclosure Dir 816 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-57681 MEDIUM This Month

An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the agl service of the device via a crafted POST request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-57680 MEDIUM This Month

An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-57679 MEDIUM This Month

An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-57678 MEDIUM This Month

An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-57677 MEDIUM This Month

An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-57676 MEDIUM This Month

An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-13108 MEDIUM This Month

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13107 MEDIUM This Month

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-13106 MEDIUM This Month

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.8%
CVE-2024-13105 MEDIUM This Month

A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13104 MEDIUM This Month

A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13103 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210.cgi of the component Virtual Service Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13102 MEDIUM This Month

A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-24321 CRITICAL POC Act Now

An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE D-Link Dir 816 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2024-0717 MEDIUM POC THREAT This Month

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 825Acg1 Firmware Dir 841 Firmware Dir 1260 Firmware +41
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
18.2%
CVE-2023-39637 CRITICAL Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection D-Link Dir 816 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-43003 CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-43002 CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-43001 CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-43000 CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42999 HIGH POC This Week

D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2022-42998 CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-37130 CRITICAL POC THREAT Act Now

In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
26.3%
CVE-2022-37129 HIGH POC This Week

D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
8.3%
CVE-2022-37123 HIGH POC This Week

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-36619 HIGH POC This Week

In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-37125 CRITICAL POC Act Now

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-36620 HIGH POC THREAT This Week

D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
23.2%
CVE-2022-37128 CRITICAL POC THREAT Act Now

In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
21.2%
CVE-2022-37134 CRITICAL POC THREAT Act Now

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
21.2%
CVE-2022-37133 HIGH POC This Week

D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-29327 CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-29326 CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-29325 CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-29324 CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2022-29323 CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2022-29322 CRITICAL POC THREAT Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
16.1%
CVE-2022-29321 CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2022-28915 CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
6.5%
CVE-2021-39510 CRITICAL POC Act Now

An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.6%
CVE-2021-39509 CRITICAL POC Act Now

An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.1%
CVE-2021-27114 CRITICAL POC THREAT Act Now

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
24.6%
CVE-2021-27113 CRITICAL POC Act Now

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2021-26810 CRITICAL POC Act Now

D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-7642 HIGH POC This Week

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 817Lw Firmware Dir 816L Firmware Dir 816 Firmware +2
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-10042 HIGH POC This Week

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-10041 CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-10040 CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2019-10039 CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
EPSS 0% CVSS 8.8
HIGH POC This Week

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file

RCE Command Injection Dir 816 Firmware +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the /goform/form2lansetup.cgi endpoint. An unauthenticated remote attacker can exploit this vulnerability by manipulating the 'ip' parameter to achieve complete system compromise including data exfiltration, integrity violation, and denial of service. The vulnerability has public exploit code available and affects end-of-life products no longer receiving vendor support.

Buffer Overflow D-Link RCE +1
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the QoSPortSetup function. An unauthenticated remote attacker can exploit this vulnerability by manipulating port0_group, port0_remarker, ssid0_group, or ssid0_remarker parameters to achieve arbitrary code execution, complete system compromise (confidentiality, integrity, availability), and full device takeover. Public exploit code has been disclosed, increasing real-world exploitation risk significantly.

Buffer Overflow D-Link Dir 816 Firmware +1
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 1.10CNB05 affecting the qosClassifier function's dip_address/sip_address parameters. This unauthenticated, remotely exploitable flaw allows attackers to achieve complete system compromise (confidentiality, integrity, and availability impact). The vulnerability affects end-of-life products no longer receiving vendor support, with public exploit disclosure and confirmed proof-of-concept availability increasing real-world exploitation risk.

Buffer Overflow D-Link RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 wireless router (version 1.10CNB05) affecting the 5GHz wireless configuration interface. An unauthenticated remote attacker can exploit improper input validation in the wirelessApcli_5g function to achieve complete system compromise including arbitrary code execution, data theft, and service disruption. Public exploit code exists and the affected product line is end-of-life, creating significant risk for unpatched deployments.

Buffer Overflow D-Link Stack Overflow +2
NVD GitHub VulDB
EPSS 1% CVSS 7.3
HIGH POC This Week

A command injection vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.

Command Injection D-Link RCE +1
NVD GitHub VulDB
EPSS 1% CVSS 7.3
HIGH POC This Week

A critical remote code execution vulnerability exists in D-Link DIR-816 firmware version 1.10CNB05, allowing unauthenticated attackers to execute arbitrary OS commands via the /goform/setipsec_config endpoint by manipulating localIP or remoteIP parameters. The vulnerability has a publicly disclosed proof-of-concept exploit and affects end-of-life hardware no longer receiving security updates from D-Link, creating significant risk for deployed instances.

Command Injection D-Link RCE +2
NVD GitHub VulDB
EPSS 9% CVSS 6.5
MEDIUM POC This Month

D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
EPSS 2% CVSS 5.1
MEDIUM This Month

A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link XSS Dir 816 Firmware
NVD VulDB
EPSS 5% CVSS 9.8
CRITICAL This Week

An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Privilege Escalation Dir 816 Firmware
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM Monitor

An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the filter settings of the device via a crafted POST. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the agl service of the device via a crafted POST request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
EPSS 2% CVSS 6.9
MEDIUM This Month

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210.cgi of the component Virtual Service Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE D-Link +1
NVD GitHub VulDB
EPSS 18% CVSS 5.3
MEDIUM POC THREAT This Month

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 825Acg1 Firmware +43
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection D-Link Dir 816 Firmware
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow +1
NVD GitHub
EPSS 26% CVSS 9.8
CRITICAL POC THREAT Act Now

In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
EPSS 8% CVSS 8.8
HIGH POC This Week

D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
EPSS 23% CVSS 7.5
HIGH POC THREAT This Week

D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
EPSS 21% CVSS 9.8
CRITICAL POC THREAT Act Now

In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub
EPSS 21% CVSS 9.8
CRITICAL POC THREAT Act Now

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow +1
NVD GitHub
EPSS 16% CVSS 9.8
CRITICAL POC THREAT Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow +1
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
EPSS 25% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 817Lw Firmware +4
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy