DIR-816
by Dlink
CVEs (99)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-37130 | Cri | 0.66 | 9.8 | 0.26 | Aug 31, 2022 | In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability | ||
| CVE-2025-5623 | Cri | 0.65 | 9.8 | 0.12 | Jun 5, 2025 | A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to… | ||
| CVE-2023-43240 | Cri | 0.65 | 9.8 | 0.12 | Sep 21, 2023 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter. | ||
| CVE-2023-43239 | Cri | 0.65 | 9.8 | 0.12 | Sep 21, 2023 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC. | ||
| CVE-2023-43237 | Cri | 0.65 | 9.8 | 0.12 | Sep 21, 2023 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC. | ||
| CVE-2022-37128 | Cri | 0.65 | 9.8 | 0.21 | Aug 31, 2022 | In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. | ||
| CVE-2022-37134 | Cri | 0.65 | 9.8 | 0.21 | Aug 22, 2022 | D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tp_usrname, resulting in stack overflow. | ||
| CVE-2022-29322 | Cri | 0.65 | 9.8 | 0.16 | May 10, 2022 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. | ||
| CVE-2026-4181 | Cri | 0.64 | 9.8 | 0.01 | Mar 16, 2026 | A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-based buffer overflow. The attack… | ||
| CVE-2025-45931 | Cri | 0.64 | 9.8 | 0.01 | Jun 30, 2025 | An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file | ||
| CVE-2025-5630 | Cri | 0.64 | 9.8 | 0.02 | Jun 5, 2025 | A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated remotely.… | ||
| CVE-2025-5624 | Cri | 0.64 | 9.8 | 0.02 | Jun 5, 2025 | A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to… | ||
| CVE-2025-5622 | Cri | 0.64 | 9.8 | 0.02 | Jun 5, 2025 | A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based… | ||
| CVE-2023-24331 | Cri | 0.64 | 9.8 | 0.02 | Feb 21, 2024 | Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter. | ||
| CVE-2023-43242 | Cri | 0.64 | 9.8 | 0.01 | Sep 21, 2023 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel. | ||
| CVE-2023-43238 | Cri | 0.64 | 9.8 | 0.01 | Sep 21, 2023 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi. | ||
| CVE-2023-43236 | Cri | 0.64 | 9.8 | 0.01 | Sep 21, 2023 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi. | ||
| CVE-2023-39637 | Cri | 0.64 | 9.8 | 0.02 | Sep 12, 2023 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis. | ||
| CVE-2022-43003 | Cri | 0.64 | 9.8 | 0.01 | Oct 26, 2022 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function. | ||
| CVE-2022-43002 | Cri | 0.64 | 9.8 | 0.01 | Oct 26, 2022 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54. |
- risk 0.66cvss 9.8epss 0.26
In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability
- risk 0.65cvss 9.8epss 0.12
A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to…
- risk 0.65cvss 9.8epss 0.12
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter.
- risk 0.65cvss 9.8epss 0.12
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.
- risk 0.65cvss 9.8epss 0.12
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC.
- risk 0.65cvss 9.8epss 0.21
In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.
- risk 0.65cvss 9.8epss 0.21
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tp_usrname, resulting in stack overflow.
- risk 0.65cvss 9.8epss 0.16
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip.
- risk 0.64cvss 9.8epss 0.01
A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-based buffer overflow. The attack…
- risk 0.64cvss 9.8epss 0.01
An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file
- risk 0.64cvss 9.8epss 0.02
A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated remotely.…
- risk 0.64cvss 9.8epss 0.02
A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to…
- risk 0.64cvss 9.8epss 0.02
A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based…
- risk 0.64cvss 9.8epss 0.02
Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter.
- risk 0.64cvss 9.8epss 0.01
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel.
- risk 0.64cvss 9.8epss 0.01
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi.
- risk 0.64cvss 9.8epss 0.01
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi.
- risk 0.64cvss 9.8epss 0.02
D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.
- risk 0.64cvss 9.8epss 0.01
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function.
- risk 0.64cvss 9.8epss 0.01
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54.
Page 1 of 5