CVE-2021-39509
published 2021-08-24CVE-2021-39509: An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlink | dir-816_firmware | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL