VulnCheck KEV: CVE-2021-39509

An issue was discovered in D-Link DIR-816 DIR-816A2FWv1.10CNB05R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell...

CVE-2022-37123

D-link DIR-816 A2v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi...

D-Link DIR-816 操作系统命令注入漏洞

The D-Link DIR-816 is a wireless router from China-based AUO D-Link. The D-Link DIR-816 A2v1.10CNB04.img suffers from an operating system command injection vulnerability that stems from being susceptible to command injection via /goform/form2userconfig.cgi...

CVE-2021-39509

An issue was discovered in D-Link DIR-816 DIR-816A2FWv1.10CNB05R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell...

CVE-2021-39509

An issue was discovered in D-Link DIR-816 DIR-816A2FWv1.10CNB05R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell...

CVE-2019-10041

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dirlogin.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication...

CVE-2017-10676

On D-Link DIR-600M devices before C1v3.05ENB01beta20170306, XSS was found in the form2userconfig.cgi username parameter...