VYPR

DIR-816

by Dlink

CVEs (99)

  • CVE-2022-37129HigAug 31, 2022
    risk 0.58cvss 8.8epss 0.08

    D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection.

  • CVE-2026-10183HigMay 31, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly…

  • CVE-2026-10123HigMay 30, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetDomainFilter of the file /goform/formSetDomainFilter. Performing a manipulation of the argument blocked_domain/permitted_domain/blocked_domain_list/permitted_domain_list results in…

  • CVE-2026-10122HigMay 30, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_name leads to stack-based buffer overflow. The attack may be performed from…

  • CVE-2026-10121HigMay 30, 2026
    risk 0.57cvss 8.8epss 0.00

    A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keyword causes stack-based buffer overflow. The attack is possible to be carried out…

  • CVE-2026-10120HigMay 30, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewall_name results in stack-based buffer overflow. The attack can be executed…

  • CVE-2026-10119HigMay 30, 2026
    risk 0.57cvss 8.8epss 0.00

    A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filter_name leads to stack-based buffer overflow. Remote exploitation of the attack is…

  • CVE-2026-10063HigMay 29, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is…

  • CVE-2026-10062HigMay 29, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried…

  • CVE-2022-37123HigAug 31, 2022
    risk 0.57cvss 8.8epss 0.03

    D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi.

  • CVE-2022-38258HigSep 8, 2022
    risk 0.53cvss 8.1epss 0.01

    A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request.

  • CVE-2022-36620HigAug 31, 2022
    risk 0.51cvss 7.5epss 0.23

    D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting.

  • CVE-2022-42999HigOct 26, 2022
    risk 0.49cvss 7.5epss 0.03

    D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm.

  • CVE-2022-36619HigAug 31, 2022
    risk 0.49cvss 7.5epss 0.01

    In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC.

  • CVE-2022-37133HigAug 22, 2022
    risk 0.49cvss 7.5epss 0.01

    D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end.

  • CVE-2025-5621HigJun 5, 2025
    risk 0.48cvss 7.3epss 0.07

    A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. The…

  • CVE-2025-5620HigJun 5, 2025
    risk 0.48cvss 7.3epss 0.07

    A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the…

  • CVE-2026-4180HigMar 16, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument token_id leads to improper access controls. The attack may be initiated remotely. The…

  • CVE-2025-29743MedApr 22, 2025
    risk 0.42cvss 6.5epss 0.01

    D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting.

  • CVE-2024-57682MedJan 16, 2025
    risk 0.42cvss 6.5epss 0.00

    An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request.