17 matches found
CVE-2022-37123
D-link DIR-816 A2v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi...
CVE-2022-37123
D-link DIR-816 A2v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi...
Command injection
D-link DIR-816 A2v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi...
CVE-2022-37123
D-link DIR-816 A2v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi...
D-Link DIR-816 A2 安全漏洞
The D-Link DIR-816 A2 is a wireless router from Taiwan, China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-816A2, which stems from an issue discovered via the HTTP request parameter in the handler function of the goform form2userconfig.cgi route, where a username string can...
D-Link DIR816 命令注入漏洞
D-Link DIR-816 is a wireless router from D-Link Taiwan, China.A security vulnerability exists in D-Link DIR-816A1FW101CNB04 750m11ac. The vulnerability is caused by a flaw in the handler function of the /goform/form2userconfig.cgi route. Through the use of HTTP request parameters, an attacker cou...
CVE-2019-20073
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter User Account Configuration...
CVE-2019-20073
CVE-2019-20073 affects Netis DL4323 devices and is described as a Cross-Site Scripting (XSS) vulnerability via the form2userconfig.cgi username parameter in User Account Configuration. The root cause cited is lack of proper validation of client data by the WEB application. The connected records c...
CVE-2019-20073
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter User Account Configuration...
CVE-2018-20305
D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address...
PT-2018-2065 · D Link · D-Link Dir-816
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10 B05 Description: The issue allows for arbitrary remote code execution without authentication via the newpass parameter. In the "/goform/form2userconfig.cgi" handler function, a long password may lead to a...
Privilege escalation
Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi...
CVE-2017-11169
Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi...
CVE-2017-11169
Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi...
D-Link DIR-600M Device Cross-Site Scripting Vulnerability
D-Link DIR-600M is a wireless router product from AUO D-Link. A cross-site scripting vulnerability exists in the 'username' parameter of the form2userconfig.cgi file in versions prior to C1v3.05ENB01beta20170306 of the D-Link DIR-600M device. A remote attacker can use this vulnerability to...
Design/Logic Flaw
On D-Link DIR-600M devices before C1v3.05ENB01beta20170306, XSS was found in the form2userconfig.cgi username parameter...
CVE-2017-10676
On D-Link DIR-600M devices before C1v3.05ENB01beta20170306, XSS was found in the form2userconfig.cgi username parameter...