Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
AnalysisAI
Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the QoSPortSetup function. An unauthenticated remote attacker can exploit this vulnerability by manipulating port0_group, port0_remarker, ssid0_group, or ssid0_remarker parameters to achieve arbitrary code execution, complete system compromise (confidentiality, integrity, availability), and full device takeover. Public exploit code has been disclosed, increasing real-world exploitation risk significantly.
Technical ContextAI
The vulnerability exists in the /goform/QoSPortSetup endpoint of D-Link DIR-816 wireless router firmware, specifically in the QoS (Quality of Service) configuration handler. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic stack-based buffer overflow. The vulnerable function fails to properly validate the length of user-supplied input parameters (port0_group, port0_remarker, ssid0_group, ssid0_remarker) before copying them into fixed-size stack buffers. This allows attackers to write beyond allocated buffer boundaries, corrupting the stack frame and overwriting return addresses or other critical data structures. The attack surface is the HTTP form handler endpoint, accessible via the router's web administrative interface. Affected hardware: D-Link DIR-816 router running firmware version 1.10CNB05 (CPE would be: cpe:2.3:o:d-link:dir-816_firmware:1.10cnb05:*:*:*:*:*:*:*).
RemediationAI
No vendor patches are available since this product is end-of-life and no longer supported by D-Link. Remediation options are limited: (1) HARDWARE REPLACEMENT: Organizations still deploying DIR-816 units should immediately plan replacement with current, supported router models from D-Link or alternative vendors; (2) NETWORK ISOLATION: If replacement is not immediately feasible, isolate affected routers from untrusted networks and implement network segmentation to limit exposure; (3) ACCESS RESTRICTION: Disable remote web-based administration (ensure WAN access to HTTP/HTTPS administrative interfaces is blocked); restrict administrative access to trusted internal networks only; (4) FIREWALL RULES: Implement strict firewall policies blocking external access to port 80/443 on affected devices; (5) MONITORING: Enable logging on affected devices and monitor for suspicious QoS configuration requests to /goform/QoSPortSetup endpoint; (6) FIRMWARE CHECK: Verify no other DIR-816 units in inventory are still running 1.10CNB05; if other versions exist, assess if they contain similar vulnerabilities; (7) INCIDENT RESPONSE: Organizations that have deployed DIR-816 units should assume breach risk and audit for signs of compromise (unusual traffic patterns, unauthorized configuration changes, potential command injection artifacts). No upstream patch is forthcoming from D-Link.
More in Dir 816 Firmware
View allAn issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 pa
An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via sy
Critical stack-based buffer overflow vulnerability in D-Link DIR-816 1.10CNB05 affecting the qosClassifier function's di
Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the /goform/fo
Critical stack-based buffer overflow vulnerability in D-Link DIR-816 wireless router (version 1.10CNB05) affecting the 5
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecur
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/f
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity func
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/fo
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd
In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagn
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. Rated critical severity
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16950