CVE-2021-31326Improper Authentication in Dlink Dir-816 Firmware

CWE-287Improper AuthenticationCWE-77Command Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
1.7%
top 17.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dir-816 Firmware
Timeline
PublishedMar 24
Latest updateMar 25

Description

D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDdlink/dir-816_firmware1.10cnb05

🔴Vulnerability Details

2
GHSA
GHSA-frrx-wmgx-653x: D-Link DIR-816 A2 12022-03-25
CVEList
CVE-2021-31326: D-Link DIR-816 A2 12022-03-23
CVE-2021-31326 — Improper Authentication in Dlink | cvebase