CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2020-15895
https://notcve.org/view.php?id=CVE-2020-15895
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage. Se detectó un problema de tipo XSS en los dispositivos D-Link DIR-816L versiones 2.x anteriores a 1.10b04Beta02. En el archivo webinc/js/info.php, ninguna filtración de salida es aplicada al parámetro RESULT, antes de que se imprima en la página web • https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 2CVE-2019-7642
https://notcve.org/view.php?id=CVE-2019-7642
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). Los routers D-Link con la funcionalidad mydlink presentan algunas interfaces web sin requerimientos de autenticación. • https://github.com/xw77cve/CVE-2019-7642 https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.8EPSS: 86%CPEs: 2EXPL: 3CVE-2015-5999 – D-Link DIR-816L Wireless Router - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-5999
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi. Múltiples vulnerabilidades de CSRF en el D-Link DIR-816L Wireless Router con firmware en versiones anteriores a 2.06.B09_BETA permite a atacantes remotos secuestrar la autenticación de los administradores en peticiones que (1) cambian la contraseña administrador, (2) cambian la política de red o (3) posiblemente tienen otro impacto no especificado a través de peticiones a hedwig.cgi y pigwidgeon.cgi manipuladas. D-Link DIR-816L suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/38707 ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html http://seclists.org/fulldisclosure/2015/Nov/45 http://www.securityfocus.com/archive/1/536886/100/0/threaded http://www.securityfocus.com/bid/77588 • CWE-352: Cross-Site Request Forgery (CSRF) •