DIR-816
by Dlink
CVEs (99)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-43001 | Cri | 0.64 | 9.8 | 0.01 | Oct 26, 2022 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function. | ||
| CVE-2022-43000 | Cri | 0.64 | 9.8 | 0.01 | Oct 26, 2022 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4. | ||
| CVE-2022-42998 | Cri | 0.64 | 9.8 | 0.01 | Oct 26, 2022 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd. | ||
| CVE-2022-37125 | Cri | 0.64 | 9.8 | 0.03 | Aug 31, 2022 | D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. | ||
| CVE-2022-29327 | Cri | 0.64 | 9.8 | 0.04 | May 10, 2022 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. | ||
| CVE-2022-29326 | Cri | 0.64 | 9.8 | 0.04 | May 10, 2022 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. | ||
| CVE-2022-29325 | Cri | 0.64 | 9.8 | 0.04 | May 10, 2022 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. | ||
| CVE-2022-29324 | Cri | 0.64 | 9.8 | 0.04 | May 10, 2022 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. | ||
| CVE-2022-29323 | Cri | 0.64 | 9.8 | 0.04 | May 10, 2022 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment. | ||
| CVE-2022-29321 | Cri | 0.64 | 9.8 | 0.04 | May 10, 2022 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. | ||
| CVE-2022-28915 | Cri | 0.64 | 9.8 | 0.06 | May 10, 2022 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. | ||
| CVE-2021-31326 | Cri | 0.64 | 9.8 | 0.02 | Mar 24, 2022 | D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi. | ||
| CVE-2021-39509 | Cri | 0.64 | 9.8 | 0.05 | Aug 24, 2021 | An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection… | ||
| CVE-2018-20305 | Cri | 0.64 | 9.8 | 0.04 | Dec 20, 2018 | D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address. | ||
| CVE-2018-17068 | Cri | 0.64 | 9.8 | 0.04 | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter. | ||
| CVE-2018-17067 | Cri | 0.64 | 9.8 | 0.02 | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address. | ||
| CVE-2018-17066 | Cri | 0.64 | 9.8 | 0.07 | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter. | ||
| CVE-2018-17065 | Cri | 0.64 | 9.8 | 0.02 | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address. | ||
| CVE-2018-17063 | Cri | 0.64 | 9.8 | 0.04 | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters. | ||
| CVE-2018-11013 | Cri | 0.64 | 9.8 | 0.07 | May 13, 2018 | Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header. |
- risk 0.64cvss 9.8epss 0.01
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function.
- risk 0.64cvss 9.8epss 0.01
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4.
- risk 0.64cvss 9.8epss 0.01
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd.
- risk 0.64cvss 9.8epss 0.03
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost.
- risk 0.64cvss 9.8epss 0.04
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel.
- risk 0.64cvss 9.8epss 0.04
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter.
- risk 0.64cvss 9.8epss 0.04
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter.
- risk 0.64cvss 9.8epss 0.04
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd.
- risk 0.64cvss 9.8epss 0.04
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment.
- risk 0.64cvss 9.8epss 0.04
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan.
- risk 0.64cvss 9.8epss 0.06
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.
- risk 0.64cvss 9.8epss 0.02
D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi.
- risk 0.64cvss 9.8epss 0.05
An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection…
- risk 0.64cvss 9.8epss 0.04
D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address.
- risk 0.64cvss 9.8epss 0.04
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address.
- risk 0.64cvss 9.8epss 0.07
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address.
- risk 0.64cvss 9.8epss 0.04
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.
- risk 0.64cvss 9.8epss 0.07
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.
Page 2 of 5