Vulnerabilities > Dlink > DIR 816 Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-05-10 CVE-2022-29326 Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter.
network
low complexity
dlink CWE-787
critical
 10.0
10
2022-05-10 CVE-2022-29327 Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel.
network
low complexity
dlink CWE-787
critical
 10.0
10
2022-03-24 CVE-2021-31326 Improper Authentication vulnerability in Dlink Dir-816 Firmware 1.10Cnb05
D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi.
network
low complexity
dlink CWE-287
critical
 9.0
9.0
2021-08-24 CVE-2021-39509 Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb05R1B011D88210
An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function.
network
low complexity
dlink CWE-77
7.5
7.5
2021-08-24 CVE-2021-39510 Command Injection vulnerability in Dlink Dir-816 Firmware 101Cnb04
An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function.
network
low complexity
dlink CWE-77
7.5
7.5
2021-03-30 CVE-2021-26810 OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10B05
D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability.
network
low complexity
dlink CWE-78
critical
 10.0
10
2019-03-25 CVE-2019-7642 Missing Authentication for Critical Function vulnerability in Dlink products
D-Link routers with the mydlink feature have some web interfaces without authentication requirements.
network
low complexity
dlink CWE-306
5.0
5.0
2019-03-25 CVE-2019-10042 Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request.
network
low complexity
dlink CWE-306
7.8
7.8
2019-03-25 CVE-2019-10041 Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request.
network
low complexity
dlink CWE-306
5.0
5.0
2019-03-25 CVE-2019-10040 Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request.
network
low complexity
dlink CWE-306
critical
 10.0
10