CVE-2026-4180

HIGH

D-Link DIR-816 1.10CNB05 - Auth Bypass

Title source: llm

Description

A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument token_id leads to improper access controls. The attack may be initiated remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

References (5)

[Permissions Required, VDB Entry] https://vuldb.com/?id.351084

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.351084

[Permissions Required, VDB Entry] https://vuldb.com/?submit.769828

[Third Party Advisory] https://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_84/84.md

View Writeup ZIP pw:eip

[Various Sources] https://www.dlink.com/

Scores

CVSS v3 7.3

EPSS 0.0003

EPSS Percentile 8.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-284

Status published

Products (2)

D-Link/DIR-816 1.10CNB05

dlink/dir-816_firmware 1.10cnb05

Published Mar 16, 2026

Tracked Since Mar 16, 2026