Skip to main content

Dir 816 Firmware CVE-2025-5624

| EUVDEUVD-2025-16950 CRITICAL
Buffer Overflow (CWE-119)
2025-06-05 cna@vuldb.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 14, 2026 - 17:53 euvd
EUVD-2025-16950
Analysis Generated
Mar 14, 2026 - 17:53 vuln.today
PoC Detected
Jun 06, 2025 - 15:42 vuln.today
Public exploit code
CVE Published
Jun 05, 2025 - 01:15 nvd
CRITICAL 9.8

DescriptionCVE.org

A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the QoSPortSetup function. An unauthenticated remote attacker can exploit this vulnerability by manipulating port0_group, port0_remarker, ssid0_group, or ssid0_remarker parameters to achieve arbitrary code execution, complete system compromise (confidentiality, integrity, availability), and full device takeover. Public exploit code has been disclosed, increasing real-world exploitation risk significantly.

Technical ContextAI

The vulnerability exists in the /goform/QoSPortSetup endpoint of D-Link DIR-816 wireless router firmware, specifically in the QoS (Quality of Service) configuration handler. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic stack-based buffer overflow. The vulnerable function fails to properly validate the length of user-supplied input parameters (port0_group, port0_remarker, ssid0_group, ssid0_remarker) before copying them into fixed-size stack buffers. This allows attackers to write beyond allocated buffer boundaries, corrupting the stack frame and overwriting return addresses or other critical data structures. The attack surface is the HTTP form handler endpoint, accessible via the router's web administrative interface. Affected hardware: D-Link DIR-816 router running firmware version 1.10CNB05 (CPE would be: cpe:2.3:o:d-link:dir-816_firmware:1.10cnb05:*:*:*:*:*:*:*).

RemediationAI

No vendor patches are available since this product is end-of-life and no longer supported by D-Link. Remediation options are limited: (1) HARDWARE REPLACEMENT: Organizations still deploying DIR-816 units should immediately plan replacement with current, supported router models from D-Link or alternative vendors; (2) NETWORK ISOLATION: If replacement is not immediately feasible, isolate affected routers from untrusted networks and implement network segmentation to limit exposure; (3) ACCESS RESTRICTION: Disable remote web-based administration (ensure WAN access to HTTP/HTTPS administrative interfaces is blocked); restrict administrative access to trusted internal networks only; (4) FIREWALL RULES: Implement strict firewall policies blocking external access to port 80/443 on affected devices; (5) MONITORING: Enable logging on affected devices and monitor for suspicious QoS configuration requests to /goform/QoSPortSetup endpoint; (6) FIRMWARE CHECK: Verify no other DIR-816 units in inventory are still running 1.10CNB05; if other versions exist, assess if they contain similar vulnerabilities; (7) INCIDENT RESPONSE: Organizations that have deployed DIR-816 units should assume breach risk and audit for signs of compromise (unusual traffic patterns, unauthorized configuration changes, potential command injection artifacts). No upstream patch is forthcoming from D-Link.

CVE-2024-24321 CRITICAL POC
9.8 Feb 08

An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 pa

CVE-2025-45931 CRITICAL POC
9.8 Jun 30

An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via sy

CVE-2025-5623 CRITICAL POC
9.8 Jun 05

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 1.10CNB05 affecting the qosClassifier function's di

CVE-2025-5630 CRITICAL POC
9.8 Jun 05

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the /goform/fo

CVE-2025-5622 CRITICAL POC
9.8 Jun 05

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 wireless router (version 1.10CNB05) affecting the 5

CVE-2022-43003 CRITICAL POC
9.8 Oct 26

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecur

CVE-2022-43002 CRITICAL POC
9.8 Oct 26

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/f

CVE-2022-43001 CRITICAL POC
9.8 Oct 26

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity func

CVE-2022-43000 CRITICAL POC
9.8 Oct 26

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/fo

CVE-2022-42998 CRITICAL POC
9.8 Oct 26

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd

CVE-2022-37130 CRITICAL POC
9.8 Aug 31

In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagn

CVE-2022-37125 CRITICAL POC
9.8 Aug 31

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. Rated critical severity

Share

CVE-2025-5624 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy