Dlink Dir-816l Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Dlink Dir-816l Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2022-28956 — CVSS 9.8 (critical): An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.
CVE-2025-13188 — CVSS 9.8 (critical): A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the…
CVE-2020-15893 — CVSS 9.8 (critical): An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port…
CVE-2025-13191 — CVSS 8.8 (high): A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta. This issue affects the function soapcgi_main of the file /soap.cgi. This…
CVE-2025-13189 — CVSS 8.8 (high): A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects the function genacgi_main of the file gena.cgi. The…
CVE-2025-13190 — CVSS 8.8 (high): A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. This vulnerability affects the function scandir_main of the file…
CVE-2022-28955 — CVSS 7.5 (high): An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.
CVE-2020-15894 — CVSS 7.5 (high): An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php…
CVE-2019-7642 — CVSS 7.5 (high): D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain…
CVE-2015-5999 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow…
CVE-2025-46176 — CVSS 6.5 (medium): Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary…
CVE-2025-7836 — CVSS 6.3 (medium): A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function…
CVE-2025-9727 — CVSS 6.3 (medium): A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This…
CVE-2020-25786 — CVSS 6.1 (medium): webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This…
CVE-2020-15895 — CVSS 6.1 (medium): An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is…