Vulnerability Details CVE-2021-39510
An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.065
EPSS Ranking 90.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/doudoudedi/main-DIR-816_A1_Command-injection
- https://github.com/doudoudedi/main-DIR-816_A1_Command-injection/blob/main/injection_A1.md
- https://www.dlink.com/en/security-bulletin/
- https://github.com/doudoudedi/main-DIR-816_A1_Command-injection
- https://github.com/doudoudedi/main-DIR-816_A1_Command-injection/blob/main/injection_A1.md
- https://www.dlink.com/en/security-bulletin/
Products affected by CVE-2021-39510
-
cpe:2.3:h:dlink:dir-816:a1
-
cpe:2.3:o:dlink:dir-816_firmware:101cnb04