VYPR

DIR-816

by Dlink

CVEs (99)

  • CVE-2022-43001CriOct 26, 2022
    risk 0.64cvss 9.8epss 0.01

    D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function.

  • CVE-2022-43000CriOct 26, 2022
    risk 0.64cvss 9.8epss 0.01

    D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4.

  • CVE-2022-42998CriOct 26, 2022
    risk 0.64cvss 9.8epss 0.01

    D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd.

  • CVE-2022-37125CriAug 31, 2022
    risk 0.64cvss 9.8epss 0.03

    D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost.

  • CVE-2022-29327CriMay 10, 2022
    risk 0.64cvss 9.8epss 0.04

    D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel.

  • CVE-2022-29326CriMay 10, 2022
    risk 0.64cvss 9.8epss 0.04

    D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter.

  • CVE-2022-29325CriMay 10, 2022
    risk 0.64cvss 9.8epss 0.04

    D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter.

  • CVE-2022-29324CriMay 10, 2022
    risk 0.64cvss 9.8epss 0.04

    D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd.

  • CVE-2022-29323CriMay 10, 2022
    risk 0.64cvss 9.8epss 0.04

    D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment.

  • CVE-2022-29321CriMay 10, 2022
    risk 0.64cvss 9.8epss 0.04

    D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan.

  • CVE-2022-28915CriMay 10, 2022
    risk 0.64cvss 9.8epss 0.06

    D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.

  • CVE-2021-31326CriMar 24, 2022
    risk 0.64cvss 9.8epss 0.02

    D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi.

  • CVE-2021-39509CriAug 24, 2021
    risk 0.64cvss 9.8epss 0.05

    An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection…

  • CVE-2018-20305CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.04

    D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address.

  • CVE-2018-17068CriSep 15, 2018
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.

  • CVE-2018-17067CriSep 15, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address.

  • CVE-2018-17066CriSep 15, 2018
    risk 0.64cvss 9.8epss 0.07

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter.

  • CVE-2018-17065CriSep 15, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address.

  • CVE-2018-17063CriSep 15, 2018
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.

  • CVE-2018-11013CriMay 13, 2018
    risk 0.64cvss 9.8epss 0.07

    Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.

Page 2 of 5