• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

dir-816l_firmware

CVE-2020-15893

February 26, 2023 by

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.

CVE-2020-15894

February 26, 2023 by

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.

CVE-2020-15895

February 26, 2023 by

An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it’s printed on the webpage.

CVE-2022-28955

February 23, 2023 by godfreyd94

An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.

CVE-2022-28956

February 23, 2023 by godfreyd94

An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.

CVE-2022-28958

February 23, 2023 by godfreyd94

** DISPUTED ** D-Link DIR816L_FW206b01 was discovered to contain a remote code execution (RCE) vulnerability via the value parameter at shareport.php. NOTE: this has been disputed by a third party.

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE