Dlink Dir-816 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Dlink Dir-816 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (73)
CVE-2022-29321 — CVSS 9.8 (critical): D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan.
CVE-2024-57684 — CVSS 9.8 (critical): An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the…
CVE-2023-24331 — CVSS 9.8 (critical): Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands…
CVE-2023-39637 — CVSS 9.8 (critical): D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.
CVE-2026-4184 — CVSS 9.8 (critical): A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file…
CVE-2026-4183 — CVSS 9.8 (critical): A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSe…
CVE-2026-4182 — CVSS 9.8 (critical): A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi…
CVE-2026-4181 — CVSS 9.8 (critical): A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi…
CVE-2025-5630 — CVSS 9.8 (critical): A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file…
CVE-2024-24321 — CVSS 9.8 (critical): An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the…
CVE-2019-10039 — CVSS 9.8 (critical): The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from…
CVE-2019-10040 — CVSS 9.8 (critical): The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from…
CVE-2019-10041 — CVSS 9.8 (critical): The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from…
CVE-2025-5624 — CVSS 9.8 (critical): A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function…
CVE-2025-5623 — CVSS 9.8 (critical): A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the…
CVE-2021-26810 — CVSS 9.8 (critical): D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string…
CVE-2025-45931 — CVSS 9.8 (critical): An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in…
CVE-2021-27113 — CVSS 9.8 (critical): An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the…
CVE-2021-27114 — CVSS 9.8 (critical): An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long…
CVE-2021-31326 — CVSS 9.8 (critical): D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to…
CVE-2021-39509 — CVSS 9.8 (critical): An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of…
CVE-2021-39510 — CVSS 9.8 (critical): An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function…
CVE-2022-28915 — CVSS 9.8 (critical): D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in…
CVE-2025-5622 — CVSS 9.8 (critical): A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g…
CVE-2022-29322 — CVSS 9.8 (critical): D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip.
CVE-2022-29323 — CVSS 9.8 (critical): D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment.
CVE-2022-29324 — CVSS 9.8 (critical): D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd.
CVE-2022-29325 — CVSS 9.8 (critical): D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter.
CVE-2022-29326 — CVSS 9.8 (critical): D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter.
CVE-2022-29327 — CVSS 9.8 (critical): D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel.
CVE-2022-37128 — CVSS 9.8 (critical): In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.
CVE-2022-37130 — CVSS 9.8 (critical): In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the…
CVE-2022-37134 — CVSS 9.8 (critical): D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be…
CVE-2022-42998 — CVSS 9.8 (critical): D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd.
CVE-2022-43000 — CVSS 9.8 (critical): D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4.
CVE-2022-43001 — CVSS 9.8 (critical): D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function.
CVE-2022-43002 — CVSS 9.8 (critical): D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54.
CVE-2022-43003 — CVSS 9.8 (critical): D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function.
CVE-2022-37129 — CVSS 8.8 (high): D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command…
CVE-2025-60679 — CVSS 8.8 (high): A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the…
CVE-2022-37123 — CVSS 8.8 (high): D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi.
CVE-2019-10042 — CVSS 7.5 (high): The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from…
CVE-2022-42999 — CVSS 7.5 (high): D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at…
CVE-2022-36620 — CVSS 7.5 (high): D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting.
CVE-2022-36619 — CVSS 7.5 (high): In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC.
CVE-2022-37133 — CVSS 7.5 (high): D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot…
CVE-2019-7642 — CVSS 7.5 (high): D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain…
CVE-2025-61577 — CVSS 7.5 (high): D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuser parameter in the dir_setWanWifi…
CVE-2025-5620 — CVSS 7.3 (high): A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the…
CVE-2025-5621 — CVSS 7.3 (high): A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function…
CVE-2026-4180 — CVSS 7.3 (high): A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the…
CVE-2024-57676 — CVSS 6.5 (medium): An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers…
CVE-2024-57677 — CVSS 6.5 (medium): An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the…
CVE-2024-57678 — CVSS 6.5 (medium): An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set…
CVE-2024-57679 — CVSS 6.5 (medium): An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers…
CVE-2024-57682 — CVSS 6.5 (medium): An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated…
CVE-2026-8346 — CVSS 6.3 (medium): A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of…
CVE-2026-8345 — CVSS 6.3 (medium): A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of…
CVE-2026-8344 — CVSS 6.3 (medium): A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the…
CVE-2024-13108 — CVSS 5.3 (medium): A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been declared as critical. This vulnerability affects unknown…
CVE-2024-13107 — CVSS 5.3 (medium): A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of…
CVE-2024-13106 — CVSS 5.3 (medium): A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this issue is some unknown…
CVE-2024-13104 — CVSS 5.3 (medium): A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Affected is an unknown function…
CVE-2024-13103 — CVSS 5.3 (medium): A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some…
CVE-2024-13102 — CVSS 5.3 (medium): A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This vulnerability affects unknown code of…
CVE-2024-0717 — CVSS 5.3 (medium): A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S…
CVE-2024-13105 — CVSS 5.3 (medium): A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an…
CVE-2024-57681 — CVSS 5.3 (medium): An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the…
CVE-2024-57680 — CVSS 5.3 (medium): An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers…
CVE-2024-57683 — CVSS 4.3 (medium): An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to…
CVE-2025-1392 — CVSS 3.5 (low): A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown…