Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dir\-816_firmware
(Dlink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 37 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-03-30 | CVE-2021-26810 | D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser parameter. | Dir\-816_firmware | 9.8 | ||
| 2021-04-14 | CVE-2021-27113 | An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters. | Dir\-816_firmware | 9.8 | ||
| 2021-04-14 | CVE-2021-27114 | An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the"'s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address. | Dir\-816_firmware | 9.8 | ||
| 2021-08-24 | CVE-2021-39509 | An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters. | Dir\-816_firmware | 9.8 | ||
| 2021-08-24 | CVE-2021-39510 | An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters. | Dir\-816_firmware | 9.8 | ||
| 2022-03-24 | CVE-2021-31326 | D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi. | Dir\-816_firmware | 9.8 | ||
| 2022-05-10 | CVE-2022-29321 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. | Dir\-816_firmware | 9.8 | ||
| 2022-05-10 | CVE-2022-28915 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. | Dir\-816_firmware | 9.8 | ||
| 2022-05-10 | CVE-2022-29322 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. | Dir\-816_firmware | 9.8 | ||
| 2022-05-10 | CVE-2022-29323 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment. | Dir\-816_firmware | 9.8 |