Dir-816l Firmware Security Vulnerabilities and Issues — Dir-816l Firmware CVE List

Lucene search

DlinkDir-816l Firmware

9 matches found

CVE•added 2022/05/18 12:15 p.m.•78 views

CVE-2022-28955

An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.

7.5CVSS7.5AI score0.89591EPSS

CVE•added 2022/05/18 12:15 p.m.•55 views

CVE-2022-28956

An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.

9.8CVSS9AI score0.40913EPSS

CVE•added 2015/11/18 4:59 p.m.•51 views

CVE-2015-5999

Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly ...

6.8CVSS7.7AI score0.16438EPSS

CVE•added 2025/05/23 7:15 p.m.•51 views

CVE-2025-46176

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis.

6.5CVSS6.8AI score0.00041EPSS

CVE•added 2019/03/25 10:29 p.m.•44 views

CVE-2019-7642

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-...

7.5CVSS7.6AI score0.1087EPSS

CVE•added 2020/07/22 7:15 p.m.•43 views

CVE-2020-15894

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by se...

7.5CVSS7.6AI score0.01687EPSS

CVE•added 2020/07/22 7:15 p.m.•42 views

CVE-2020-15893

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.

9.8CVSS9.8AI score0.83127EPSS

CVE•added 2020/07/22 7:15 p.m.•41 views

CVE-2020-15895

An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.

6.1CVSS6.2AI score0.41498EPSS

CVE•added 2020/09/19 8:15 p.m.•38 views

CVE-2020-25786

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet...

6.1CVSS6AI score0.00458EPSS