Dlink: >> Dir-816 Firmware Security Vulnerabilities
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-03-25
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication.
CVSS Score
9.8
EPSS Score
0.008
Published
2019-03-25
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication.
CVSS Score
7.5
EPSS Score
0.007
Published
2019-03-25
Page 7