Vulnerabilities (CVE)

Filtered by vendor Dlink Subscribe
Filtered by product Dir-816l Firmware
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-28956 1 Dlink 2 Dir-816l, Dir-816l Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.
CVE-2022-28955 1 Dlink 2 Dir-816l, Dir-816l Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.
CVE-2020-25786 1 Dlink 12 Dir-645, Dir-645 Firmware, Dir-803 and 9 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
CVE-2020-15895 1 Dlink 2 Dir-816l, Dir-816l Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.
CVE-2020-15894 1 Dlink 2 Dir-816l, Dir-816l Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.
CVE-2020-15893 1 Dlink 2 Dir-816l, Dir-816l Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.
CVE-2019-7642 1 Dlink 10 Dir-816, Dir-816 Firmware, Dir-816l and 7 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).
CVE-2015-5999 1 Dlink 2 Dir-816l, Dir-816l Firmware 2024-11-21 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.