{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T18:01:26.834","vulnerabilities":[{"cve":{"id":"CVE-2021-26810","sourceIdentifier":"cve@mitre.org","published":"2021-03-30T14:15:13.607","lastModified":"2024-11-21T05:56:51.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser parameter."},{"lang":"es","value":"D-link DIR-816 A2 versión v1.10 está afectado por una vulnerabilidad de inyección de código remoto. Se puede usar un parámetro de petición HTTP en la construcción de cadenas de comandos en la función del manejador de /goform/dir_setWanWifi, que puede conllevar a una inyección de comandos por medio de metacaracteres de shell en el parámetro statuscheckpppoeuser."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-816_firmware:1.10b05:*:*:*:*:*:*:*","matchCriteriaId":"B12CE36E-C7F7-4FE7-BA46-8EC5B61F617E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:*","matchCriteriaId":"1A3AC507-7219-401E-AC60-12D96382E4B7"}]}]}],"references":[{"url":"https://github.com/GD008/vuln/blob/main/DIR-816.md","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.dlink.com/en/security-bulletin/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://github.com/GD008/vuln/blob/main/DIR-816.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.dlink.com/en/security-bulletin/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}