CVE-2026-4180
Improper Access Control in D-Link DIR-816 goahead Redirect.asp
Publication date: 2026-03-16
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-816_firmware | 1.10cnb05 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
There are no known countermeasures or mitigations available for this vulnerability as the affected product is no longer supported by the vendor, D-Link.
The recommended immediate step is to replace the affected D-Link DIR-816 router model with an alternative, supported product to eliminate the risk.
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-4180 is a critical access control vulnerability in the D-Link DIR-816 router, version 1.10CNB05, specifically in the goahead web server component's file redirect.asp. The vulnerability arises from improper handling of the token_id argument, allowing unauthorized remote attackers to bypass access controls without any authentication."}, {'type': 'paragraph', 'content': 'An attacker can access the redirect.asp page without authentication, which discloses the token_id used by the router for authentication. By obtaining this token_id, the attacker can bypass all authentication controls and potentially modify critical router settings, such as resetting the Wi-Fi password, leading to a complete compromise of the deviceβs wireless security.'}] [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized remote access to the affected router without any authentication, allowing attackers to bypass access controls.
- Attackers can obtain the authentication token (token_id) and use it to gain full control over the device.
- Unauthorized modification of critical router configurations, including resetting the Wi-Fi password.
- Compromise of the confidentiality, integrity, and availability of the device.
Since the affected product is no longer supported by the vendor, no known mitigations exist, making replacement of the device the recommended action.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking for the presence of the vulnerable redirect.asp page on the D-Link DIR-816 router version 1.10CNB05. Attackers can identify vulnerable targets using Google dorking techniques such as searching for "inurl:redirect.asp".'}, {'type': 'paragraph', 'content': 'To detect this on your network or system, you can attempt to access the redirect.asp page without authentication and observe if the token_id argument is exposed or accessible.'}, {'type': 'list_item', 'content': 'Use a web browser or curl command to access the URL: http://[router_ip]/redirect.asp'}, {'type': 'list_item', 'content': 'Example curl command: curl -v http://[router_ip]/redirect.asp'}, {'type': 'list_item', 'content': 'Look for the presence of a token_id parameter in the response or URL, which indicates the vulnerability.'}] [1]