How to fix CVE-2025-5621?

Within 24 hours: Inventory all D-Link DIR-816 devices and isolate affected units from production networks if possible. Within 7 days: Implement network segmentation to restrict administrative access to affected devices and deploy WAF rules blocking requests to /goform/qosClassifier. Within 30 days: Develop and execute a replacement plan for all DIR-816 units with supported hardware, establishing a target decommission date.

Is Command Injection affected by CVE-2025-5621?

D-Link DIR-816 routers running firmware 1.10CNB05 contain a critical remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands.

CVE-2025-5621

EUVD-2025-16942 HIGH

2025-06-05 [email protected]

7.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 17:53 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 17:53 euvd

EUVD-2025-16942

PoC Detected

Jun 06, 2025 - 15:42 vuln.today

Public exploit code

CVE Published

Jun 05, 2025 - 00:15 nvd

HIGH 7.3

Description

A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

A command injection vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.

Technical Context

CWE-77 (Command Injection). CVSS 7.3 indicates high severity. Affects A vulnerability.

Affected Products

['A vulnerability']

Remediation

Monitor vendor channels for patch availability. Implement input validation and WAF rules as interim mitigation.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +1.0

CVSS: +36

POC: +20

CVE-2025-5621 vulnerability details – vuln.today

Back

CVE-2025-5621

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-5621

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code