Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dir\-816_firmware
(Dlink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 37 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-10-26 | CVE-2022-42998 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd. | Dir\-816_firmware | 9.8 | ||
| 2022-10-26 | CVE-2022-43000 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4. | Dir\-816_firmware | 9.8 | ||
| 2022-10-26 | CVE-2022-43001 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function. | Dir\-816_firmware | 9.8 | ||
| 2022-10-26 | CVE-2022-43002 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54. | Dir\-816_firmware | 9.8 | ||
| 2022-10-26 | CVE-2022-43003 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function. | Dir\-816_firmware | 9.8 | ||
| 2022-08-31 | CVE-2022-37125 | D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. | Dir\-816_firmware | 9.8 | ||
| 2022-08-31 | CVE-2022-37128 | In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. | Dir\-816_firmware | 9.8 | ||
| 2022-08-31 | CVE-2022-36619 | In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC. | Dir\-816_firmware | 7.5 | ||
| 2022-08-22 | CVE-2022-37133 | D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end. | Dir\-816_firmware | 7.5 | ||
| 2021-03-30 | CVE-2021-26810 | D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser parameter. | Dir\-816_firmware | 9.8 |