Improper Access Controls in D-Link DIR-816 by D-Link
CVE-2026-4180

6.9MEDIUM

Key Information:

Vendor: D-link
Status: Dir-816
Vendor: CVE Published:; 15 March 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-4180?

A vulnerability exists in the D-Link DIR-816 model 1.10CNB05, specifically within the redirect.asp file of the goahead component. This flaw involves improper access controls due to manipulation of the token_id argument, enabling unauthorized access. The vulnerability can be exploited remotely, particularly affecting devices that are no longer supported by D-Link, with publicly available exploits increasing the risk of potential attacks.

Affected Version(s)

DIR-816 1.10CNB05

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-4180 - Proof of Concept

References

https://vuldb.com/?id.351084

vdb-entrytechnical-description

https://vuldb.com/?ctiid.351084

signaturepermissions-required

https://vuldb.com/?submit.769828

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Mar 15, 2026
👾
Exploit known to exist
Mar 15, 2026
Vulnerability published
Mar 15, 2026
Vulnerability Reserved
Mar 14, 2026

Credit

pjqwudi (VulDB User)

CVE-2026-4180 Data

JSON

D-link