Dlink: >> Dir-816 A2 Firmware >> 1.10_b05 Security Vulnerabilities
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.
CVSS Score
9.8
EPSS Score
0.145
Published
2018-09-15
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked.
CVSS Score
9.8
EPSS Score
0.145
Published
2018-09-15
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-09-15
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter.
CVSS Score
9.8
EPSS Score
0.295
Published
2018-09-15
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-09-15
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.
CVSS Score
9.8
EPSS Score
0.145
Published
2018-09-15