CVE-2019-10040
The CVE-2019-10040 issue affects the D-Link DIR-816 A2 (firmware 1.11). The vulnerability arises because the router only checks a random token when authorizing a goform request; an attacker can obtain this token from dir_login.asp and use the hidden API URL /goform/SystemCommand to execute a syst...