Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor D-link Subscribe
Filtered by product Dir-816 A2
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-11013 1 D-link 2 Dir-816 A2, Dir-816 A2 Firmware 2020-08-24 10.0 HIGH 9.8 CRITICAL
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.
CVE-2018-17065 1 D-link 2 Dir-816 A2, Dir-816 A2 Firmware 2020-08-24 10.0 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address.
CVE-2018-17067 1 D-link 2 Dir-816 A2, Dir-816 A2 Firmware 2020-08-24 10.0 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address.
CVE-2018-20305 1 D-link 2 Dir-816 A2, Dir-816 A2 Firmware 2020-08-24 7.5 HIGH 9.8 CRITICAL
D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address.
CVE-2018-17066 1 D-link 2 Dir-816 A2, Dir-816 A2 Firmware 2019-10-02 10.0 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter.
CVE-2018-17063 1 D-link 2 Dir-816 A2, Dir-816 A2 Firmware 2019-10-02 10.0 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.
CVE-2018-17064 1 D-link 2 Dir-816 A2, Dir-816 A2 Firmware 2019-10-02 10.0 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked.
CVE-2018-17068 1 D-link 2 Dir-816 A2, Dir-816 A2 Firmware 2019-10-02 10.0 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.