DIR-816 Firmware Security Vulnerabilities

CVE-2019-10039

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication.

9.8 CVSS

9.3 AI Score

0.005 EPSS

2019-03-25 07:29 PM

CVE-2019-10040

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication.

9.8 CVSS

9.5 AI Score

0.005 EPSS

2019-03-25 07:29 PM

CVE-2019-10041

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication.

9.8 CVSS

9.3 AI Score

0.005 EPSS

2019-03-25 07:29 PM

CVE-2019-10042

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication.

7.5 CVSS

7.4 AI Score

0.001 EPSS

2019-03-25 07:29 PM

CVE-2019-7642

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-...

7.5 CVSS

7.6 AI Score

0.006 EPSS

2019-03-25 10:29 PM

CVE-2021-26810

D-Link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser paramete...

9.8 CVSS

9.8 AI Score

0.005 EPSS

2021-03-30 02:15 PM

CVE-2021-27113

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters.

9.8 CVSS

9.6 AI Score

0.016 EPSS

2021-04-14 02:15 PM

CVE-2021-27114

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the "s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address.

9.8 CVSS

9.3 AI Score

0.003 EPSS

2021-04-14 02:15 PM

CVE-2021-31326

D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi.

9.8 CVSS

9.1 AI Score

0.003 EPSS

2022-03-24 12:15 AM

CVE-2021-39509

An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210. The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metac...

9.8 CVSS

9.7 AI Score

0.046 EPSS

2021-08-24 07:15 PM

CVE-2021-39510

An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router. The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell me...

9.8 CVSS

9.7 AI Score

0.046 EPSS

2021-08-24 07:15 PM

CVE-2022-28915

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.

9.8 CVSS

9.8 AI Score

0.002 EPSS

2022-05-10 02:15 PM

CVE-2022-29321

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan.

9.8 CVSS

9.6 AI Score

0.002 EPSS

2022-05-10 02:15 PM

CVE-2022-29322

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip.

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-05-10 02:15 PM

CVE-2022-29323

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment.

9.8 CVSS

9.6 AI Score

0.002 EPSS

2022-05-10 02:15 PM

CVE-2022-29324

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd.

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-05-10 02:15 PM

CVE-2022-29325

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter.

9.8 CVSS

9.6 AI Score

0.002 EPSS

2022-05-10 02:15 PM

CVE-2022-29326

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter.

9.8 CVSS

9.6 AI Score

0.002 EPSS

2022-05-10 02:15 PM

CVE-2022-29327

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel.

9.8 CVSS

9.6 AI Score

0.002 EPSS

2022-05-10 02:15 PM

CVE-2022-36619

In D-Link DIR-816 A2_v1.10CNB04.img, the network can be reset without authentication via /goform/setMAC.

7.5 CVSS

7.7 AI Score

0.001 EPSS

2022-08-31 11:15 PM

CVE-2022-36620

D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting.

7.5 CVSS

7.5 AI Score

0.001 EPSS

2022-08-31 09:15 PM

CVE-2022-37123

D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi.

8.8 CVSS

9.2 AI Score

0.001 EPSS

2022-08-31 11:15 PM

CVE-2022-37125

D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost.

9.8 CVSS

9.6 AI Score

0.002 EPSS

2022-08-31 10:15 PM

CVE-2022-37128

In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.

9.8 CVSS

9.5 AI Score

0.002 EPSS

2022-08-31 07:15 PM

CVE-2022-37129

D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection.

8.8 CVSS

9.4 AI Score

0.001 EPSS

2022-08-31 11:15 PM

CVE-2022-37130

In D-Link DIR-816 A2_v1.10CNB04 and DIR-878 DIR_878_FW1.30B08.img, a command injection vulnerability occurs in /goform/Diagnosis. After the condition is met, setnum is spliced into v10 by snprintf and system is then executed, resulting in a command injection vulnerability.

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-08-31 11:15 PM

CVE-2022-37133

D-Link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end.

7.5 CVSS

7.7 AI Score

0.001 EPSS

2022-08-22 03:15 PM

CVE-2022-37134

D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname is base64-decoded and the result is stored in v94 without checking the size of l2tp_usrname, resulting in a stack overflow.

9.8 CVSS

9.4 AI Score

0.002 EPSS

2022-08-22 03:15 PM

CVE-2022-42998

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd.

9.8 CVSS

9.6 AI Score

0.002 EPSS

2022-10-26 07:15 PM

CVE-2022-42999

D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm.

7.5 CVSS

8 AI Score

0.001 EPSS

2022-10-26 07:15 PM

CVE-2022-43000

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4.

9.8 CVSS

9.6 AI Score

0.002 EPSS

2022-10-26 07:15 PM

CVE-2022-43001

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function.

9.8 CVSS

9.6 AI Score

0.002 EPSS

2022-10-26 07:15 PM

CVE-2022-43002

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54.

9.8 CVSS

9.6 AI Score

0.002 EPSS

2022-10-26 07:15 PM

CVE-2022-43003

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function.

9.8 CVSS

9.6 AI Score

0.002 EPSS

2022-10-26 07:15 PM

CVE-2023-39637

D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.

9.8 CVSS

9.7 AI Score

0.001 EPSS

2023-09-12 12:15 PM

CVE-2024-0717

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-...

5.3 CVSS

5.3 AI Score

0.001 EPSS

2024-01-19 04:15 PM

CVE-2024-24321

An issue in D-Link DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.

9.8 CVSS

9.6 AI Score

0.001 EPSS

2024-02-08 06:15 PM