Stksgg

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 version 1.10CNB05 R1B011D88210 **Description** A command injection flaw exists in the `/goform/formDMZ.cgi` endpoint. The issue is located within the `sub 445E7C()` function, allowing a remote attacker to execute arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 version 1.10CNB05 R1B011D88210 **Description** A command injection issue exists that allows a remote attacker to execute arbitrary commands. The flaw is located in the `sub 445E7C()` function within the '/goform/singlePortForward' endpoint, triggered by manipulating the `ip address` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/goform/singlePortForward' endpoint or avoid using the `ip address` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 version 1.10CNB05 R1B011D88210 **Description** A remote command injection issue exists in the `portForward()` function. By manipulating the `ip address` argument, an attacker can execute arbitrary commands on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `portForward()` function to minimize the risk of exploitation.