Vulnerabilities > Dlink > DIR 816 Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-26 | CVE-2022-42999 | OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10B05 D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. | 7.5 |
| 2022-08-31 | CVE-2022-37123 | OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb04 D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi. | 8.8 |
| 2022-08-31 | CVE-2022-37129 | OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb04 D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. | 8.8 |
| 2022-08-31 | CVE-2022-36620 | Improper Validation of Specified Quantity in Input vulnerability in Dlink Dir-816 Firmware 1.10Cnb04 D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting. | 7.5 |
| 2021-08-24 | CVE-2021-39509 | Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb05R1B011D88210 An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. | 7.5 |
| 2021-08-24 | CVE-2021-39510 | Command Injection vulnerability in Dlink Dir-816 Firmware 101Cnb04 An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. | 7.5 |
| 2019-03-25 | CVE-2019-10042 | Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11 The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. | 7.8 |