(Multiple vulnerabilities in D-Link DIR-816
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2025-5622 CVE-2025-5623 CVE-2025-5624 CVE-2025-5630 CVE-2025-5620 CVE-2025-5621 |
| CWE-ID | CWE-121 CWE-78 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. |
| Vulnerable software |
DIR-816 Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | D-Link |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Stack-based buffer overflow
EUVDB-ID: #VU111984
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2025-5622
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the "wirelessApcli_5g" function in /goform/wirelessApcli_5g file. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDIR-816: 1.10CNB05
CPE2.3 External linkshttps://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_50/50.md
https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_50/50.md
https://vuldb.com/?ctiid.311108
https://vuldb.com/?id.311108
https://vuldb.com/?submit.589222
https://www.dlink.com/
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10433
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Stack-based buffer overflow
EUVDB-ID: #VU111987
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2025-5623
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the "qosClassifier" function in "/goform/qosClassifier" file. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDIR-816: 1.10CNB05
CPE2.3 External linkshttps://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_51/51.md
https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_51/51.md
https://vuldb.com/?ctiid.311109
https://vuldb.com/?id.311109
https://vuldb.com/?submit.589224
https://www.dlink.com/
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10433
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Stack-based buffer overflow
EUVDB-ID: #VU111990
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2025-5624
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the "qosClassifier" function in "/goform/qosClassifier" file. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDIR-816: 1.10CNB05
CPE2.3 External linkshttps://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_53/53.md
https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_53/53.md
https://vuldb.com/?ctiid.311110
https://vuldb.com/?id.311110
https://vuldb.com/?submit.589226
https://www.dlink.com/
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10433
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Stack-based buffer overflow
EUVDB-ID: #VU111991
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2025-5630
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the "/goform/form2lansetup.cgi" file. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDIR-816: 1.10CNB05
CPE2.3 External linkshttps://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_54/54.md
https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_54/54.md
https://vuldb.com/?ctiid.311116
https://vuldb.com/?id.311116
https://vuldb.com/?submit.589779
https://www.dlink.com/
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10433
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) OS Command Injection
EUVDB-ID: #VU111992
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2025-5620
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the "setipsec_config" function in "/goform/setipsec_config" file. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDIR-816: 1.10CNB05
CPE2.3 External linkshttps://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_48/48.md
https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_48/48.md
https://vuldb.com/?ctiid.311106
https://vuldb.com/?id.311106
https://vuldb.com/?submit.589220
https://www.dlink.com/
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10433
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) OS Command Injection
EUVDB-ID: #VU111993
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2025-5621
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the "qosClassifier" function in "/goform/qosClassifier" file. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDIR-816: 1.10CNB05
CPE2.3 External linkshttps://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_49/49.md
https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_49/49.md
https://vuldb.com/?ctiid.311107
https://vuldb.com/?id.311107
https://vuldb.com/?submit.589221
https://www.dlink.com/
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10433
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
