CVE-2026-8345 PUBLISHED

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the argument ip_address leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

• stksgg (VulDB User) reporter

• VDB-362661 | D-Link DIR-816 singlePortForward sub_445E7C command injection
• VDB-362661 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #811379 | D-Link DIR816 DIR-816A2_FWv1.10CNB05_R1B011D88210.img Command Injection
• https://github.com/lipenghai/iot_bug/blob/main/D-Link/DIR816/2.md
• https://www.dlink.com/

• Command Injection CWE
• Injection CWE