CVE-2026-4180 MEDIUM

CVE-2026-4180: D-Link DIR-816 goahead redirect.asp access control

Vendor D-Link

Product DIR-816

Weakness CWE-284

Published March 15, 2026

Last update March 17, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument token_id leads to improper access controls. The attack may be initiated remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

Key dates

02Disclosure timeline

March 15, 2026 CVE published

March 17, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-4180 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

CVE-2026-4180: D-Link DIR-816 goahead redirect.asp access control

01Description

02Disclosure timeline

03References

04Related CVE