CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13105 – D-Link DIR-816 A2 DHCPD Setting form2Dhcpd.cgi access control
https://notcve.org/view.php?id=CVE-2024-13105
02 Jan 2025 — A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2Dhcpd.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13104 – D-Link DIR-816 A2 WiFi Settings form2AdvanceSetup.cgi access control
https://notcve.org/view.php?id=CVE-2024-13104
02 Jan 2025 — A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2AdvanceSetup.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13103 – D-Link DIR-816 A2 Virtual Service form2AddVrtsrv.cgi access control
https://notcve.org/view.php?id=CVE-2024-13103
02 Jan 2025 — A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2AddVrtsrv.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13102 – D-Link DIR-816 A2 DDNS Service access control
https://notcve.org/view.php?id=CVE-2024-13102
02 Jan 2025 — A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This vulnerability affects unknown code of the file /goform/DDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/DDNS.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-24331
https://notcve.org/view.php?id=CVE-2023-24331
21 Feb 2024 — Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter. Vulnerabilidad de inyección de comandos en D-Link Dir 816 con versión de firmware DIR-816_A2_v1.10CNB04 permite a atacantes ejecutar comandos arbitrarios a través del parámetro urlAdd. • https://github.com/caoyebo/CVE/tree/main/Dlink%20816%20-%20CVE-2023-24331 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 12%CPEs: 2EXPL: 1CVE-2018-20305
https://notcve.org/view.php?id=CVE-2018-20305
20 Dec 2018 — D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address. Los dispositivos D-Link DIR-816 A2 1.10 B05 permiten la ejecución remota de código sin autenticación mediante el parámetro newpass. En la función handler en /goform/form2userconfig.cgi, una contraseña larga podría conducir a un desbordamiento de ... • https://github.com/RootSoull/Vuln-Poc/tree/master/D-Link/DIR-816 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 12%CPEs: 2EXPL: 1CVE-2018-11013
https://notcve.org/view.php?id=CVE-2018-11013
13 May 2018 — Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header. Desbordamiento de búfer basado en pila en la función websRedirect en GoAhead en los routers D-Link DIR-816 A2 (CN) con la versión del firmware 1.10B05 permite que atacantes remotos no autenticados ejecuten código arbitrario mediante una petición con una cabecera HTTP Ho... • https://0x3f97.github.io/exploit/2018/05/13/D-Link-DIR-816-A2-CN-router-stack-based-buffer-overflow • CWE-787: Out-of-bounds Write •