VYPR

DIR-816-A2

by Dlink

CVEs (12)

  • CVE-2021-27114CriApr 14, 2021
    risk 0.66cvss 9.8epss 0.25

    An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the"'s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address.

  • CVE-2023-43239CriSep 21, 2023
    risk 0.65cvss 9.8epss 0.12

    D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.

  • CVE-2025-45931CriJun 30, 2025
    risk 0.64cvss 9.8epss 0.01

    An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file

  • CVE-2023-43236CriSep 21, 2023
    risk 0.64cvss 9.8epss 0.01

    D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi.

  • CVE-2021-31326CriMar 24, 2022
    risk 0.64cvss 9.8epss 0.02

    D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi.

  • CVE-2021-39509CriAug 24, 2021
    risk 0.64cvss 9.8epss 0.05

    An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection…

  • CVE-2021-27113CriApr 14, 2021
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters.

  • CVE-2021-26810CriMar 30, 2021
    risk 0.64cvss 9.8epss 0.05

    D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the…

  • CVE-2019-10041CriMar 25, 2019
    risk 0.64cvss 9.8epss 0.02

    The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication.

  • CVE-2019-10040CriMar 25, 2019
    risk 0.64cvss 9.8epss 0.03

    The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication.

  • CVE-2019-10039CriMar 25, 2019
    risk 0.64cvss 9.8epss 0.02

    The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication.

  • CVE-2019-10042HigMar 25, 2019
    risk 0.49cvss 7.5epss 0.02

    The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication.