
CVE-2022-29325
https://notcve.org/view.php?id=CVE-2022-29325
10 May 2022 — D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. • https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-816/8 • CWE-787: Out-of-bounds Write

CVE-2022-29326
https://notcve.org/view.php?id=CVE-2022-29326
10 May 2022 — D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. • https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-816/7 • CWE-787: Out-of-bounds Write

CVE-2021-31326
https://notcve.org/view.php?id=CVE-2021-31326
23 Mar 2022 — D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi. • https://github.com/GD008/vuln/blob/main/DIR-816_reset.md • CWE-287: Improper Authentication

CVE-2021-39510
https://notcve.org/view.php?id=CVE-2021-39510
24 Aug 2021 — An issue was discovered in the D-Link DIR816_A1_FW101CNB04 750m11ac wireless router. The HTTP request parameter is used in the handler function of the /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters. • https://github.com/doudoudedi/main-DIR-816_A1_Command-injection • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2021-39509
https://notcve.org/view.php?id=CVE-2021-39509
24 Aug 2021 — An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210. The HTTP request parameter is used in the handler function of the /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters. • https://github.com/doudoudedi/main-DIR-816_A2_Command-injection • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2021-27114
https://notcve.org/view.php?id=CVE-2021-27114
14 Apr 2021 — An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the "s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address. • https://github.com/GD008/vuln/blob/main/DIR-816_stackoverflow.md • CWE-787: Out-of-bounds Write

CVE-2021-27113
https://notcve.org/view.php?id=CVE-2021-27113
14 Apr 2021 — An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters. • https://github.com/GD008/vuln/blob/main/DIR-816_2.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-26810
https://notcve.org/view.php?id=CVE-2021-26810
30 Mar 2021 — D-Link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser parameter. • https://github.com/GD008/vuln/blob/main/DIR-816.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-17507
https://notcve.org/view.php?id=CVE-2019-17507
11 Oct 2019 — An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = "/dir_login.asp"' line in a .asp file. This provides access to d_status.asp, version.asp, d_dhcptbl.asp, and d_acl.asp. • https://github.com/dahua966/Routers-vuls/tree/master/DIR-816 • CWE-20: Improper Input Validation

CVE-2019-7642
https://notcve.org/view.php?id=CVE-2019-7642
25 Mar 2019 — D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). • https://github.com/xw77cve/CVE-2019-7642 • CWE-306: Missing Authentication for Critical Function