Dir-816l Firmware Security Vulnerabilities
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted...
9.8CVSS
9.1AI Score
0.008EPSS
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and...
7.5CVSS
7.5AI Score
0.035EPSS
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the...
6.1CVSS
6.5AI Score
0.002EPSS
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by...
7.5CVSS
7.3AI Score
0.002EPSS
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover...
9.8CVSS
8.1AI Score
0.004EPSS
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06),...
7.5CVSS
7.6AI Score
0.006EPSS
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly....
7.7AI Score
0.917EPSS