CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-39509

An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.212

EPSS Ranking 95.4%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/doudoudedi/main-DIR-816_A2_Command-injection
https://github.com/doudoudedi/main-DIR-816_A2_Command-injection/blob/main/injection.md
https://www.dlink.com/en/security-bulletin/
https://github.com/doudoudedi/main-DIR-816_A2_Command-injection
https://github.com/doudoudedi/main-DIR-816_A2_Command-injection/blob/main/injection.md
https://www.dlink.com/en/security-bulletin/

Products affected by CVE-2021-39509

Dlink » Dir-816 » Version: a2

cpe:2.3:h:dlink:dir-816:a2
Dlink » Dir-816 Firmware » Version: 1.10cnb05_r1b011d88210

cpe:2.3:o:dlink:dir-816_firmware:1.10cnb05_r1b011d88210

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-39509

Products

Pricing

Contact Us