Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor D-link Subscribe
Filtered by product Dir-816l Firmware
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15894 1 D-link 2 Dir-816l, Dir-816l Firmware 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.
CVE-2020-15893 1 D-link 2 Dir-816l, Dir-816l Firmware 2020-07-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.
CVE-2020-15895 1 D-link 2 Dir-816l, Dir-816l Firmware 2020-07-24 4.3 MEDIUM 6.1 MEDIUM
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.
CVE-2015-5999 1 D-link 2 Dir-816l, Dir-816l Firmware 2018-10-09 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.