Dlink Dir-816 Firmware vulnerabilities

CVE-2026-4183 [HIGH] CWE-119 CVE-2026-4183: A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown funct A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. This v

CVE-2026-4184 [HIGH] CWE-119 CVE-2026-4184: A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unkno A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public a

CVE-2026-4181 [HIGH] CWE-119 CVE-2026-4181: A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and m

CVE-2026-4182 [HIGH] CWE-119 CVE-2026-4182: A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goahead. This manipulation of the argument key1/key2/key3/key4/pskValue causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the pu

CVE-2026-4180 [MEDIUM] CWE-266 CVE-2026-4180: A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown funct A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument token_id leads to improper access controls. The attack may be initiated remotely. The exploit is publicly available and might be used. This vulnerability only affect

CVE-2025-60679 [HIGH] CWE-121 CVE-2025-60679: A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1. A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated using sprintf() into another 512-byte buffer containing a

CVE-2025-61577 [HIGH] CWE-121 CVE-2025-61577: D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuse D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuser parameter in the dir_setWanWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE-2025-45931 [CRITICAL] CWE-77 CVE-2025-45931: An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute a An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file

CVE-2025-5624 [CRITICAL] CWE-119 CVE-2025-5624: A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulner A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit

CVE-2025-5623 [CRITICAL] CWE-119 CVE-2025-5623: A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affe A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the publ

CVE-2025-5622 [CRITICAL] CWE-119 CVE-2025-5622: A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this i A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has bee

CVE-2025-5630 [CRITICAL] CWE-119 CVE-2025-5630: A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerab A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulner

CVE-2025-5620 [MEDIUM] CWE-77 CVE-2025-5620: A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected i A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be use

CVE-2025-5621 [MEDIUM] CWE-77 CVE-2025-5621: A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by t A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public a

CVE-2025-29743 [MEDIUM] CWE-77 CVE-2025-29743: D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting. D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting.

CVE-2025-1392 [MEDIUM] CWE-79 CVE-2025-1392: A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by t A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely. The exploit

CVE-2024-57684 [CRITICAL] CWE-276 CVE-2024-57684: An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allow An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request.

CVE-2024-57679 [MEDIUM] CWE-863 CVE-2024-57679: An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a crafted POST request.

CVE-2024-57683 [MEDIUM] CWE-863 CVE-2024-57683: An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D882 An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the filter settings of the device via a crafted POST request.

CVE-2024-57678 [MEDIUM] CWE-863 CVE-2024-57678: An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 all An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a crafted POST request.