Dlink Dir-816 A2 Firmware vulnerabilities

13 known vulnerabilities affecting dlink/dir-816_a2_firmware.

Total CVEs
13
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL12MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-44835MEDIUMCVSS 6.3v1.10b052025-05-01
CVE-2025-44835 [MEDIUM] CWE-77 CVE-2025-44835: D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell.
nvd
CVE-2024-0921CRITICALCVSS 9.8v1.10cnb042024-01-26
CVE-2024-0921 [MEDIUM] CWE-78 CVE-2024-0921: A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected b A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit h
nvd
CVE-2023-43238CRITICALCVSS 9.8v1.10cnb052023-09-21
CVE-2023-43238 [CRITICAL] CWE-787 CVE-2023-43238: D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in f D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi.
nvd
CVE-2023-43240CRITICALCVSS 9.8v1.10cnb052023-09-21
CVE-2023-43240 [CRITICAL] CWE-787 CVE-2023-43240: D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter.
nvd
CVE-2023-43237CRITICALCVSS 9.8v1.10cnb052023-09-21
CVE-2023-43237 [CRITICAL] CWE-787 CVE-2023-43237: D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC.
nvd
CVE-2023-43239CRITICALCVSS 9.8v1.10cnb052023-09-21
CVE-2023-43239 [CRITICAL] CWE-787 CVE-2023-43239: D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in sho D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.
nvd
CVE-2023-43236CRITICALCVSS 9.8v1.10cnb052023-09-21
CVE-2023-43236 [CRITICAL] CWE-787 CVE-2023-43236: D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckppp D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi.
nvd
CVE-2018-17065CRITICALCVSS 9.8v1.10_b052018-09-15
CVE-2018-17065 [CRITICAL] CWE-787 CVE-2018-17065: An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /g An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address.
nvd
CVE-2018-17068CRITICALCVSS 9.8v1.10_b052018-09-15
CVE-2018-17068 [CRITICAL] CWE-78 CVE-2018-17068: An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.
nvd
CVE-2018-17066CRITICALCVSS 9.8v1.10_b052018-09-15
CVE-2018-17066 [CRITICAL] CWE-78 CVE-2018-17066: An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter.
nvd
CVE-2018-17064CRITICALCVSS 9.8v1.10_b052018-09-15
CVE-2018-17064 [CRITICAL] CWE-78 CVE-2018-17064: An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked.
nvd
CVE-2018-17067CRITICALCVSS 9.8v1.10_b052018-09-15
CVE-2018-17067 [CRITICAL] CWE-787 CVE-2018-17067: An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formL An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address.
nvd
CVE-2018-17063CRITICALCVSS 9.8v1.10_b052018-09-15
CVE-2018-17063 [CRITICAL] CWE-78 CVE-2018-17063: An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.
nvd