cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-13108,https://securityvulnerability.io/vulnerability/CVE-2024-13108,Improper Access Control in D-Link DIR-816 A2 Router,"A vulnerability exists in the D-Link DIR-816 A2 router that affects the handling of access controls in the file /goform/form2NetSniper.cgi. This issue can be exploited remotely, potentially allowing unauthorized access to sensitive functions. The flaw has been publicly disclosed, raising concerns regarding its exploitation. Users of the affected version, 1.10CNB05_R1B011D88210, should take immediate action to secure their devices against potential threats stemming from this vulnerability.",D-link,Dir-816 A2,6.9,MEDIUM,0.00044999999227002263,false,false,false,true,true,false,false,2025-01-02T12:31:05.759Z,0
CVE-2024-13107,https://securityvulnerability.io/vulnerability/CVE-2024-13107,D-Link DIR-816 A2 ACL form2LocalAclEditcfg.cgi access control,A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.,D-link,Dir-816 A2,6.9,MEDIUM,0.00044999999227002263,false,false,false,true,true,false,false,2025-01-02T12:00:17.338Z,0
CVE-2024-13106,https://securityvulnerability.io/vulnerability/CVE-2024-13106,Access Control Vulnerability in D-Link Router DIR-816 A2,"A serious security vulnerability has been identified in the D-Link DIR-816 A2 router, specifically in the IP QoS handler's file at /goform/form2IPQoSTcAdd. This flaw allows unauthorized access due to improper access control mechanisms. Attackers can exploit this vulnerability remotely, potentially compromising sensitive functionalities of the router. With the exploit disclosed in the public domain, the affected user base is urged to apply necessary mitigations promptly to safeguard their networks.",D-link,Dir-816 A2,6.9,MEDIUM,0.00044999999227002263,false,false,false,true,true,false,false,2025-01-02T11:31:05.262Z,0
CVE-2024-13105,https://securityvulnerability.io/vulnerability/CVE-2024-13105,Improper Access Control in D-Link DIR-816 A2 Device,"A vulnerability exists in the D-Link DIR-816 A2 that allows for improper access controls in the file '/goform/form2Dhcpd.cgi' found within the DHCPD Setting Handler. This flaw may allow remote attackers to manipulate access and exploit the device's functionality. The issue has been publicly disclosed, which raises concerns regarding potential exploitation by malicious entities. Users of the affected product are advised to implement appropriate security measures to mitigate risks.",D-link,Dir-816 A2,6.9,MEDIUM,0.00044999999227002263,false,false,false,true,true,false,false,2025-01-02T11:00:15.898Z,0
CVE-2024-13104,https://securityvulnerability.io/vulnerability/CVE-2024-13104,Access Control Vulnerability in D-Link DIR-816 A2 Wi-Fi Router,"A significant vulnerability in the D-Link DIR-816 A2 allows attackers to exploit improper access controls within the WiFi Settings Handler. The affected component is a function within the file /goform/form2AdvanceSetup.cgi. This vulnerability can be exploited remotely, enabling unauthorized access that could compromise network integrity. With the exploit publicly disclosed, it is crucial for users to take immediate actions to secure their devices against potential malware and unauthorized access.",D-link,Dir-816 A2,6.9,MEDIUM,0.00044999999227002263,false,false,false,true,true,false,false,2025-01-02T10:31:05.831Z,0
CVE-2024-13103,https://securityvulnerability.io/vulnerability/CVE-2024-13103,Improper Access Control in D-Link DIR-816 A2 Router,"A security vulnerability has been identified in the D-Link DIR-816 A2 router, specifically within the Virtual Service Handler component. This vulnerability involves improper access controls related to the processing of the /goform/form2AddVrtsrv.cgi file. As a result, unauthorized individuals may execute remote attacks, potentially compromising the integrity of the device. The publicly disclosed nature of the exploit increases the urgency for users to review their security configurations and apply necessary mitigations.",D-link,Dir-816 A2,6.9,MEDIUM,0.00044999999227002263,false,false,false,true,true,false,false,2025-01-02T10:00:19.082Z,0
CVE-2024-13102,https://securityvulnerability.io/vulnerability/CVE-2024-13102,Improper Access Control in D-Link DIR-816 A2 DDNS Service,"A vulnerability impacting the D-Link DIR-816 A2's DDNS Service has been identified, leading to improper access controls. This security flaw allows remote attackers to manipulate the affected code located in the /goform/DDNS file, potentially resulting in unauthorized access. Given that the vulnerability has been publicly disclosed, stakeholders should prioritize assessing and mitigating the risk associated with this issue to prevent any potential exploitation.",D-link,Dir-816 A2,6.9,MEDIUM,0.00044999999227002263,false,false,false,true,true,false,false,2025-01-02T09:31:05.191Z,0
CVE-2024-0921,https://securityvulnerability.io/vulnerability/CVE-2024-0921,D-Link DIR-816 A2 Web Interface setDeviceSettings os command injection,"A security flaw has been identified in the D-Link DIR-816 A2, specifically affecting the Web Interface component. The vulnerability arises from improper handling of the statuscheckpppoeuser argument within the /goform/setDeviceSettings file, which allows for OS command injection. This weak point can be exploited remotely, posing a serious risk to affected devices. With the exploit publicly disclosed, users are urged to take precautionary measures to secure their networks.",D-Link,DIR-816 A2,9.8,CRITICAL,0.0012799999676644802,false,false,false,true,true,false,false,2024-01-26T13:31:04.255Z,0
CVE-2023-43238,https://securityvulnerability.io/vulnerability/CVE-2023-43238,,D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi.,D-Link,Dir-816 A2 Firmware,9.8,CRITICAL,0.002199999988079071,false,false,false,false,,false,false,2023-09-21T00:00:00.000Z,0
CVE-2023-43236,https://securityvulnerability.io/vulnerability/CVE-2023-43236,,D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi.,D-Link,Dir-816 A2 Firmware,9.8,CRITICAL,0.002199999988079071,false,false,false,false,,false,false,2023-09-21T00:00:00.000Z,0
CVE-2023-43237,https://securityvulnerability.io/vulnerability/CVE-2023-43237,,D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC.,D-Link,Dir-816 A2 Firmware,9.8,CRITICAL,0.002199999988079071,false,false,false,false,,false,false,2023-09-21T00:00:00.000Z,0
CVE-2023-43239,https://securityvulnerability.io/vulnerability/CVE-2023-43239,Stack Overflow Vulnerability in D-Link DIR-816 Router,"A stack overflow vulnerability has been identified in the D-Link DIR-816 A2 v1.10CNB05 router, which arises through the 'flag_5G' parameter in the 'showMACfilterMAC' function. This flaw could potentially allow an attacker to execute arbitrary code or disrupt the normal functioning of the device. It is vital for users of this model to apply security updates or mitigative measures as soon as they are available to safeguard their networks.",D-Link,Dir-816 A2 Firmware,9.8,CRITICAL,0.002199999988079071,false,false,false,false,,false,false,2023-09-21T00:00:00.000Z,0
CVE-2023-43240,https://securityvulnerability.io/vulnerability/CVE-2023-43240,,D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter.,D-Link,Dir-816 A2 Firmware,9.8,CRITICAL,0.002259999979287386,false,false,false,false,,false,false,2023-09-21T00:00:00.000Z,0
CVE-2018-20305,https://securityvulnerability.io/vulnerability/CVE-2018-20305,,"D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address.",D-link,Dir-816 A2 Firmware,9.8,CRITICAL,0.019710000604391098,false,false,false,false,,false,false,2018-12-20T00:00:00.000Z,0
CVE-2018-17067,https://securityvulnerability.io/vulnerability/CVE-2018-17067,,An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address.,D-Link,Dir-816 A2 Firmware,9.8,CRITICAL,0.0052999998442828655,false,false,false,false,,false,false,2018-09-15T21:00:00.000Z,0
CVE-2018-17068,https://securityvulnerability.io/vulnerability/CVE-2018-17068,,An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.,D-Link,Dir-816 A2 Firmware,9.8,CRITICAL,0.11883000284433365,false,false,false,false,,false,false,2018-09-15T21:00:00.000Z,0
CVE-2018-17066,https://securityvulnerability.io/vulnerability/CVE-2018-17066,,An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter.,D-Link,Dir-816 A2 Firmware,9.8,CRITICAL,0.11883000284433365,false,false,false,false,,false,false,2018-09-15T21:00:00.000Z,0
CVE-2018-17065,https://securityvulnerability.io/vulnerability/CVE-2018-17065,,"An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address.",D-Link,Dir-816 A2 Firmware,9.8,CRITICAL,0.0052999998442828655,false,false,false,false,,false,false,2018-09-15T21:00:00.000Z,0
CVE-2018-17064,https://securityvulnerability.io/vulnerability/CVE-2018-17064,,An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked.,D-Link,Dir-816 A2 Firmware,9.8,CRITICAL,0.11883000284433365,false,false,false,false,,false,false,2018-09-15T21:00:00.000Z,0
CVE-2018-17063,https://securityvulnerability.io/vulnerability/CVE-2018-17063,,An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.,D-Link,Dir-816 A2 Firmware,9.8,CRITICAL,0.11883000284433365,false,false,false,false,,false,false,2018-09-15T21:00:00.000Z,0
CVE-2018-11013,https://securityvulnerability.io/vulnerability/CVE-2018-11013,,Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.,D-link,Dir-816 A2 Firmware,9.8,CRITICAL,0.01413000002503395,false,false,false,false,,false,false,2018-05-13T15:00:00.000Z,0