Dir-816 Firmware Security Vulnerabilities and Issues — Dir-816 Firmware CVE List

Lucene search

DlinkDir-816 Firmware

5 matches found

CVE•added 2019/03/25 7:29 p.m.•47 views

CVE-2019-10040

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication.

10CVSS9.5AI score0.01088EPSS

CVE•added 2019/03/25 7:29 p.m.•44 views

CVE-2019-10039

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication.

9.8CVSS9.3AI score0.01213EPSS

CVE•added 2019/03/25 10:29 p.m.•44 views

CVE-2019-7642

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-...

7.5CVSS7.6AI score0.1087EPSS

CVE•added 2019/03/25 7:29 p.m.•37 views

CVE-2019-10042

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication.

7.8CVSS7.4AI score0.00657EPSS

CVE•added 2019/03/25 7:29 p.m.•33 views

CVE-2019-10041

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication.

9.8CVSS9.3AI score0.00769EPSS