Lucene search
K

D-Link DIR-816L - Improper Access Control

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 25 Views

D-Link DIR-816L - Improper Access Control, CVE-2022-28955, Unauthorized Acces

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2022-28955
18 May 202212:15
attackerkb
BDU FSTEC
The vulnerability of D-Link DIR816L router’s microprogramming software allows a hacker to gain access to the folder_view.php and category_view.php folders.
14 Jun 202200:00
bdu_fstec
Circl
CVE-2022-28955
18 May 202216:28
circl
CNNVD
D-Link DIR816 授权问题漏洞
18 May 202200:00
cnnvd
CNVD
D-Link DIR816 Access Control Error Vulnerability
20 May 202200:00
cnvd
CVE
CVE-2022-28955
18 May 202211:50
cve
Cvelist
CVE-2022-28955
18 May 202211:50
cvelist
NVD
CVE-2022-28955
18 May 202212:15
nvd
OSV
CVE-2022-28955
18 May 202212:15
osv
Prion
Improper access control
18 May 202212:15
prion
Rows per page
id: CVE-2022-28955

info:
  name: D-Link DIR-816L - Improper Access Control
  author: arafatansari
  severity: high
  description: |
    D-Link DIR-816L_FW206b01 is susceptible to improper access control. An attacker can access folders folder_view.php and category_view.php and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or control of the affected router.
  remediation: |
    Apply the latest firmware update provided by D-Link to fix the access control issue.
  reference:
    - https://github.com/shijin0925/IOT/blob/master/DIR816/1.md
    - https://www.dlink.com/en/security-bulletin/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-28955
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-28955
    cwe-id: CWE-287
    epss-score: 0.38289
    epss-percentile: 0.98382
    cpe: cpe:2.3:o:dlink:dir-816l_firmware:206b01:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: dlink
    product: dir-816l_firmware
    shodan-query:
      - http.html:"DIR-816L"
      - http.html:"dir-816l"
    fofa-query: body="dir-816l"
  tags: cve2022,cve,dlink,exposure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/category_view.php"
      - "{{BaseURL}}/folder_view.php"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<title>SharePort Web Access</title>'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100c8e2ca00916838e10d0e52913a297ee04ad00f8989d0aebb4e21fbe380e2618f02207522f0364febcbb5192e1274e151cee4dceb3606ec8b51936a5b74c20eb0cfe0:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.9Medium risk
Vulners AI Score6.9
CVSS 25
CVSS 3.17.5
EPSS0.38289
25