CVE-2026-8344 D-Link DIR-816 formDMZ.cgi sub_445E7C command injection

A weakness has been identified in D-Link DIR-816 1.10CNB05R1B011D88210. Affected by this vulnerability is the function sub445E7C of the file /goform/formDMZ.cgi. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the...

CVE-2026-8344

The CVE describes a command injection in D-Link DIR-816 running 1.10CNB05_R1B011D88210. The vulnerability is in the function sub_445E7C of /goform/formDMZ.cgi, enabling remote execution of arbitrary commands. Several connected sources confirm remote exploitability and public availability of explo...

D-Link DIR-816A2 formDMZ.cgi Component Access Control Error Vulnerability

The D-Link DIR-816A2 is a router from China's AUO D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control of the formDMZ.cgi component, which can be exploited by an attacker to set up the DMZ service via a specially crafted POST...

CVE-2024-57684

An access control issue in the component formDMZ.cgi of D-Link 816A2FWv1.10CNB05R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request...

PT-2025-3541 · D Link · D-Link 816

Name of the Vulnerable Software and Affected Versions: D-Link 816A2 FWv1.10CNB05 R1B011D88210 Description: The issue is related to an access control problem in the formDMZ.cgi component, which allows unauthenticated attackers to configure the DMZ service of the device through a crafted POST...