CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1392 – D-Link DIR-816 index.html cross site scripting
https://notcve.org/view.php?id=CVE-2025-1392
17 Feb 2025 — A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?ctiid.296023 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13108 – D-Link DIR-816 A2 form2NetSniper.cgi access control
https://notcve.org/view.php?id=CVE-2024-13108
02 Jan 2025 — A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been declared as critical. This vulnerability affects unknown code of the file /goform/form2NetSniper.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2NetSniper.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13107 – D-Link DIR-816 A2 ACL form2LocalAclEditcfg.cgi access control
https://notcve.org/view.php?id=CVE-2024-13107
02 Jan 2025 — A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2LocalAclEditcfg.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13106 – D-Link DIR-816 A2 IP QoS form2IPQoSTcAdd access control
https://notcve.org/view.php?id=CVE-2024-13106
02 Jan 2025 — A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/form2IPQoSTcAdd of the component IP QoS Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2IPQoSTcAdd.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13105 – D-Link DIR-816 A2 DHCPD Setting form2Dhcpd.cgi access control
https://notcve.org/view.php?id=CVE-2024-13105
02 Jan 2025 — A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2Dhcpd.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13104 – D-Link DIR-816 A2 WiFi Settings form2AdvanceSetup.cgi access control
https://notcve.org/view.php?id=CVE-2024-13104
02 Jan 2025 — A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2AdvanceSetup.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13103 – D-Link DIR-816 A2 Virtual Service form2AddVrtsrv.cgi access control
https://notcve.org/view.php?id=CVE-2024-13103
02 Jan 2025 — A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2AddVrtsrv.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13102 – D-Link DIR-816 A2 DDNS Service access control
https://notcve.org/view.php?id=CVE-2024-13102
02 Jan 2025 — A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This vulnerability affects unknown code of the file /goform/DDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/DDNS.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24331
https://notcve.org/view.php?id=CVE-2023-24331
21 Feb 2024 — Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter. Vulnerabilidad de inyección de comandos en D-Link Dir 816 con versión de firmware DIR-816_A2_v1.10CNB04 permite a atacantes ejecutar comandos arbitrarios a través del parámetro urlAdd. • https://github.com/caoyebo/CVE/tree/main/Dlink%20816%20-%20CVE-2023-24331 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1CVE-2018-20305
https://notcve.org/view.php?id=CVE-2018-20305
20 Dec 2018 — D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address. Los dispositivos D-Link DIR-816 A2 1.10 B05 permiten la ejecución remota de código sin autenticación mediante el parámetro newpass. En la función handler en /goform/form2userconfig.cgi, una contraseña larga podría conducir a un desbordamiento de ... • https://github.com/RootSoull/Vuln-Poc/tree/master/D-Link/DIR-816 • CWE-787: Out-of-bounds Write •