DIR-816
by Dlink
CVEs (99)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-37129 | Hig | 0.58 | 8.8 | 0.08 | Aug 31, 2022 | D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection. | ||
| CVE-2026-10183 | Hig | 0.57 | 8.8 | 0.00 | May 31, 2026 | A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly… | ||
| CVE-2026-10123 | Hig | 0.57 | 8.8 | 0.00 | May 30, 2026 | A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetDomainFilter of the file /goform/formSetDomainFilter. Performing a manipulation of the argument blocked_domain/permitted_domain/blocked_domain_list/permitted_domain_list results in… | ||
| CVE-2026-10122 | Hig | 0.57 | 8.8 | 0.00 | May 30, 2026 | A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_name leads to stack-based buffer overflow. The attack may be performed from… | ||
| CVE-2026-10121 | Hig | 0.57 | 8.8 | 0.00 | May 30, 2026 | A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keyword causes stack-based buffer overflow. The attack is possible to be carried out… | ||
| CVE-2026-10120 | Hig | 0.57 | 8.8 | 0.00 | May 30, 2026 | A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewall_name results in stack-based buffer overflow. The attack can be executed… | ||
| CVE-2026-10119 | Hig | 0.57 | 8.8 | 0.00 | May 30, 2026 | A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filter_name leads to stack-based buffer overflow. Remote exploitation of the attack is… | ||
| CVE-2026-10063 | Hig | 0.57 | 8.8 | 0.01 | May 29, 2026 | A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is… | ||
| CVE-2026-10062 | Hig | 0.57 | 8.8 | 0.01 | May 29, 2026 | A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried… | ||
| CVE-2022-37123 | Hig | 0.57 | 8.8 | 0.03 | Aug 31, 2022 | D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi. | ||
| CVE-2022-38258 | Hig | 0.53 | 8.1 | 0.01 | Sep 8, 2022 | A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request. | ||
| CVE-2022-36620 | Hig | 0.51 | 7.5 | 0.23 | Aug 31, 2022 | D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting. | ||
| CVE-2022-42999 | Hig | 0.49 | 7.5 | 0.03 | Oct 26, 2022 | D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. | ||
| CVE-2022-36619 | Hig | 0.49 | 7.5 | 0.01 | Aug 31, 2022 | In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC. | ||
| CVE-2022-37133 | Hig | 0.49 | 7.5 | 0.01 | Aug 22, 2022 | D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end. | ||
| CVE-2025-5621 | Hig | 0.48 | 7.3 | 0.07 | Jun 5, 2025 | A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. The… | ||
| CVE-2025-5620 | Hig | 0.48 | 7.3 | 0.07 | Jun 5, 2025 | A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the… | ||
| CVE-2026-4180 | Hig | 0.47 | 7.3 | 0.01 | Mar 16, 2026 | A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument token_id leads to improper access controls. The attack may be initiated remotely. The… | ||
| CVE-2025-29743 | Med | 0.42 | 6.5 | 0.01 | Apr 22, 2025 | D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting. | ||
| CVE-2024-57682 | Med | 0.42 | 6.5 | 0.00 | Jan 16, 2025 | An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request. |
- risk 0.58cvss 8.8epss 0.08
D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection.
- risk 0.57cvss 8.8epss 0.00
A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly…
- risk 0.57cvss 8.8epss 0.00
A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetDomainFilter of the file /goform/formSetDomainFilter. Performing a manipulation of the argument blocked_domain/permitted_domain/blocked_domain_list/permitted_domain_list results in…
- risk 0.57cvss 8.8epss 0.00
A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_name leads to stack-based buffer overflow. The attack may be performed from…
- risk 0.57cvss 8.8epss 0.00
A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keyword causes stack-based buffer overflow. The attack is possible to be carried out…
- risk 0.57cvss 8.8epss 0.00
A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewall_name results in stack-based buffer overflow. The attack can be executed…
- risk 0.57cvss 8.8epss 0.00
A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filter_name leads to stack-based buffer overflow. Remote exploitation of the attack is…
- risk 0.57cvss 8.8epss 0.01
A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is…
- risk 0.57cvss 8.8epss 0.01
A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried…
- risk 0.57cvss 8.8epss 0.03
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi.
- risk 0.53cvss 8.1epss 0.01
A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request.
- risk 0.51cvss 7.5epss 0.23
D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting.
- risk 0.49cvss 7.5epss 0.03
D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm.
- risk 0.49cvss 7.5epss 0.01
In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC.
- risk 0.49cvss 7.5epss 0.01
D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end.
- risk 0.48cvss 7.3epss 0.07
A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. The…
- risk 0.48cvss 7.3epss 0.07
A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the…
- risk 0.47cvss 7.3epss 0.01
A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument token_id leads to improper access controls. The attack may be initiated remotely. The…
- risk 0.42cvss 6.5epss 0.01
D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting.
- risk 0.42cvss 6.5epss 0.00
An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request.
Page 3 of 5