DIR-816A2
by Dlink
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-17064 | Cri | 0.64 | 9.8 | 0.07 | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is… | ||
| CVE-2023-43240 | 0.05 | — | 0.12 | Sep 21, 2023 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter. | |||
| CVE-2023-43239 | 0.05 | — | 0.12 | Sep 21, 2023 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC. | |||
| CVE-2022-37125 | 0.02 | — | 0.03 | Aug 31, 2022 | D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. | |||
| CVE-2025-61577 | 0.00 | — | 0.05 | Oct 9, 2025 | D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuser parameter in the dir_setWanWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2025-45931 | 0.00 | — | 0.01 | Jun 30, 2025 | An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file | |||
| CVE-2024-13108 | 0.00 | — | 0.01 | Jan 2, 2025 | A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been declared as critical. This vulnerability affects unknown code of the file /goform/form2NetSniper.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The… | |||
| CVE-2024-24321 | 0.00 | — | 0.02 | Feb 8, 2024 | An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. | |||
| CVE-2023-43242 | 0.00 | — | 0.01 | Sep 21, 2023 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel. | |||
| CVE-2023-43236 | 0.00 | — | 0.01 | Sep 21, 2023 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi. | |||
| CVE-2021-27114 | 0.00 | — | 0.25 | Apr 14, 2021 | An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the"'s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address. | |||
| CVE-2019-10042 | 0.00 | — | 0.02 | Mar 25, 2019 | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication. |
- risk 0.64cvss 9.8epss 0.07
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is…
- CVE-2023-43240Sep 21, 2023risk 0.05cvss —epss 0.12
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter.
- CVE-2023-43239Sep 21, 2023risk 0.05cvss —epss 0.12
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.
- CVE-2022-37125Aug 31, 2022risk 0.02cvss —epss 0.03
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost.
- CVE-2025-61577Oct 9, 2025risk 0.00cvss —epss 0.05
D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuser parameter in the dir_setWanWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2025-45931Jun 30, 2025risk 0.00cvss —epss 0.01
An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file
- CVE-2024-13108Jan 2, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been declared as critical. This vulnerability affects unknown code of the file /goform/form2NetSniper.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The…
- CVE-2024-24321Feb 8, 2024risk 0.00cvss —epss 0.02
An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.
- CVE-2023-43242Sep 21, 2023risk 0.00cvss —epss 0.01
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel.
- CVE-2023-43236Sep 21, 2023risk 0.00cvss —epss 0.01
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi.
- CVE-2021-27114Apr 14, 2021risk 0.00cvss —epss 0.25
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the"'s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address.
- CVE-2019-10042Mar 25, 2019risk 0.00cvss —epss 0.02
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication.