Dlink Dir-816 Firmware vulnerabilities

CVE-2024-57682 [MEDIUM] CWE-862 CVE-2024-57682: An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request.

CVE-2024-57680 [MEDIUM] CWE-863 CVE-2024-57680: An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011 An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request.

CVE-2024-57681 [MEDIUM] CWE-863 CVE-2024-57681: An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allo An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the agl service of the device via a crafted POST request.

CVE-2024-57676 [MEDIUM] CWE-863 CVE-2024-57676: An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011 An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request.

CVE-2024-57677 [MEDIUM] CWE-863 CVE-2024-57677: An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allo An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request.

CVE-2024-13105 [MEDIUM] CWE-266 CVE-2024-13105: A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critica A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disc

CVE-2024-13107 [MEDIUM] CWE-266 CVE-2024-13107: A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as cri A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the pu

CVE-2024-13108 [MEDIUM] CWE-266 CVE-2024-13108: A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been declared as criti A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been declared as critical. This vulnerability affects unknown code of the file /goform/form2NetSniper.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-13103 [MEDIUM] CWE-266 CVE-2024-13103: A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been discl

CVE-2024-13104 [MEDIUM] CWE-266 CVE-2024-13104: A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D8 A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to

CVE-2024-13106 [MEDIUM] CWE-266 CVE-2024-13106: A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Af A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/form2IPQoSTcAdd of the component IP QoS Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the publ

CVE-2024-13102 [MEDIUM] CWE-266 CVE-2024-13102: A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This v A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This vulnerability affects unknown code of the file /goform/DDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2023-24331 [CRITICAL] CWE-77 CVE-2023-24331: Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter.

CVE-2024-24321 [CRITICAL] CWE-77 CVE-2024-24321: An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the w An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.

CVE-2024-0717 [MEDIUM] CWE-200 CVE-2024-0717: A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DI A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530,

CVE-2023-39637 [CRITICAL] CWE-77 CVE-2023-39637: D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the compo D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.

CVE-2022-42998 [CRITICAL] CWE-787 CVE-2022-42998: D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /go D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd.

CVE-2022-43001 [CRITICAL] CWE-787 CVE-2022-43001: D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function.

CVE-2022-43002 [CRITICAL] CWE-787 CVE-2022-43002: D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd pa D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54.

CVE-2022-43003 [CRITICAL] CWE-787 CVE-2022-43003: D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function.