Dir-816l firmware

This hub aggregates every CVE we track for Dir-816l firmware, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Dir-816l firmware.

• CVE-2025-13191D-Link DIR-816L soap.cgi soapcgi_main stack-based overflow8.8Nov 15, 2025
• CVE-2025-13190D-Link DIR-816L __ajax_exporer.sgi scandir_main stack-based overflow8.8Nov 15, 2025
• CVE-2025-13189D-Link DIR-816L gena.cgi genacgi_main stack-based overflow8.8Nov 15, 2025
• CVE-2025-13188D-Link DIR-816L authentication.cgi authenticationcgi_main stack-based overflow9.8Nov 14, 2025
• CVE-2025-9727D-Link DIR-816L soap.cgi soapcgi_main os command injection6.3Aug 31, 2025
• CVE-2025-7836D-Link DIR-816L Environment Variable cgibin lxmldbc_system command injection6.3Jul 19, 2025
• CVE-2025-46176Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis.6.5May 23, 2025
• CVE-2022-28956An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.9.8May 18, 2022
• CVE-2022-28955An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.7.5May 18, 2022
• CVE-2020-25786webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported ...6.1Sep 19, 2020
• CVE-2020-15893An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injectin...9.8Jul 22, 2020
• CVE-2020-15894An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be uti...7.5Jul 22, 2020
• CVE-2020-15895An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the ...6.1Jul 22, 2020
• CVE-2019-7642D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets includ...7.5Mar 25, 2019
• CVE-2015-5999Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administr...6.8Nov 18, 2015