D-Link DIR-816 A2 <= 1.11 Multiple Vulnerabilities
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
D-Link DIR-816 devices are prone to multiple vulnerabilities.
Insight
The following vulnerabilities exist:
- An attacker can get a token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication.
- An attacker can get a token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication.
- An attacker can get a token from dir_login.asp and use a hidden API URL /goform/form2userconfig.cgi to edit the system account without authentication.
- An attacker can get a token from dir_login.asp and use a hidden API URL /goform/LoadDefaultSettings to reset the router without authentication.
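For monitoring an affected device, the following added example (not part of the original advisory or of the scanner's own check) flags requests to the four endpoints listed above and marks those that follow a dir_login.asp fetch from the same client. The Common Log Format input, the 60-second window, the function name and the sample lines are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

TOKEN_PAGE = "/dir_login.asp"          # token source named in the advisory
SENSITIVE = {                           # endpoints named in the advisory
    "/goform/setsysadm": "account change",
    "/goform/systemcommand": "command execution",
    "/goform/form2userconfig.cgi": "account change",
    "/goform/loaddefaultsettings": "factory reset",
}
WINDOW = timedelta(seconds=60)          # assumed correlation window

# Assumption: Common Log Format lines from a proxy or tap in front of the router.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def find_suspicious(lines, window=WINDOW):
    """Return (client, path, impact, chained) for each sensitive request.

    chained is True when the same client fetched the token page at most
    `window` earlier, i.e. the token-then-call sequence the advisory describes.
    """
    last_token_fetch = {}
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                    # skip lines in another format
        client, ts, _method, target, _status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        path = target.split("?", 1)[0]  # ignore any query string
        key = path.lower()              # match regardless of letter case
        if key == TOKEN_PAGE:
            last_token_fetch[client] = when
        elif key in SENSITIVE:
            seen = last_token_fetch.get(client)
            chained = seen is not None and timedelta(0) <= when - seen <= window
            alerts.append((client, path, SENSITIVE[key], chained))
    return alerts

# Constructed sample log lines (documentation-range addresses).
SAMPLE = [
    '192.0.2.10 - - [02/Aug/2019:10:00:00 +0000] "GET /dir_login.asp HTTP/1.1" 200 4096',
    '192.0.2.10 - - [02/Aug/2019:10:00:03 +0000] "POST /goform/SystemCommand HTTP/1.1" 200 120',
    '192.0.2.20 - - [02/Aug/2019:10:05:00 +0000] "POST /goform/LoadDefaultSettings HTTP/1.1" 200 0',
    '192.0.2.20 - - [02/Aug/2019:10:06:00 +0000] "GET / HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE):
        print(alert)
```

An access log does not show whether a request carried a valid session, so every hit on these paths is reported and the chained flag only raises its priority.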
Affected Software
D-Link DIR-816 A2 through firmware version 1.11.
Detection Method
Tries to execute a command on the device.
Solution
No known solution is available as of 2nd August, 2019. Information regarding this issue will be updated once solution details are available.