VYPR

DIR816L

by Dlink

CVEs (15)

  • CVE-2025-9727MedAug 31, 2025
    risk 0.41cvss 6.3epss 0.05

    A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made…

  • CVE-2025-7836MedJul 19, 2025
    risk 0.41cvss 6.3epss 0.06

    A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The…

  • CVE-2020-15893Jul 22, 2020
    risk 0.10cvss epss 0.21

    An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.

  • CVE-2022-28955May 18, 2022
    risk 0.07cvss epss 0.38

    An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.

  • CVE-2015-5999Nov 18, 2015
    risk 0.03cvss epss 0.03

    Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network…

  • CVE-2022-28956May 18, 2022
    risk 0.02cvss epss 0.22

    An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.

  • CVE-2020-15895Jul 22, 2020
    risk 0.01cvss epss 0.03

    An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.

  • CVE-2019-7642Mar 25, 2019
    risk 0.01cvss epss 0.03

    D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04),…

  • CVE-2025-13191Nov 15, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta. This issue affects the function soapcgi_main of the file /soap.cgi. This manipulation causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and…

  • CVE-2025-13190Nov 15, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. This vulnerability affects the function scandir_main of the file /portal/__ajax_exporer.sgi. The manipulation of the argument en results in stack-based buffer overflow. The attack may be performed from remote. The…

  • CVE-2025-13189Nov 15, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects the function genacgi_main of the file gena.cgi. The manipulation of the argument SERVER_ID/HTTP_SID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit…

  • CVE-2025-13188Nov 14, 2025
    risk 0.00cvss epss 0.02

    A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of…

  • CVE-2025-46176May 23, 2025
    risk 0.00cvss epss 0.00

    Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis.

  • CVE-2020-25786Sep 19, 2020
    risk 0.00cvss epss 0.01

    webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding…

  • CVE-2020-15894Jul 22, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin…