QSearchQSearch

CVE-2021-39509

9.8 CRITICAL

An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function ...

Published: 2021-08-24 · Last updated: 2026-06-17

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-77

Affected products

VendorProduct
dlinkdir-816_firmware

Description

An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-12174 A security vulnerability has been detected in D-Link DCS-935L 1.10.01 (8.8 HIGH)
  • CVE-2026-11555 A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006 (3.7 LOW)
  • CVE-2026-11497 A vulnerability has been found in D-Link DCS-5615 1.01.00 (5.3 MEDIUM)
  • CVE-2026-11492 A security flaw has been discovered in D-Link DIR-823G 1.0.2B05 (4.3 MEDIUM)
  • CVE-2026-11339 A vulnerability was detected in D-Link DWR-M920 up to 1.1.50 (6.3 MEDIUM)

Same CWE

  • CVE-2024-24909 Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin (8.8 HIGH)
  • CVE-2025-56814 A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding sh... (7.8 HIGH)
  • CVE-2026-12223 A vulnerability was identified in Yealink SIP-T46U 108.86.0.118 (5.5 MEDIUM)
  • CVE-2026-12219 A flaw has been found in Yealink SIP-T46U 108.86.0.118 (6.3 MEDIUM)
  • CVE-2026-12197 A security flaw has been discovered in Ruijie EG105G-P 2.340 (7.2 HIGH)