Skip to main content

Dir 816 Firmware CVE-2025-5630

| EUVDEUVD-2025-16952 CRITICAL
Buffer Overflow (CWE-119)
2025-06-05 cna@vuldb.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 14, 2026 - 17:53 euvd
EUVD-2025-16952
Analysis Generated
Mar 14, 2026 - 17:53 vuln.today
PoC Detected
Jun 06, 2025 - 15:15 vuln.today
Public exploit code
CVE Published
Jun 05, 2025 - 03:15 nvd
CRITICAL 9.8

DescriptionCVE.org

A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the /goform/form2lansetup.cgi endpoint. An unauthenticated remote attacker can exploit this vulnerability by manipulating the 'ip' parameter to achieve complete system compromise including data exfiltration, integrity violation, and denial of service. The vulnerability has public exploit code available and affects end-of-life products no longer receiving vendor support.

Technical ContextAI

This vulnerability exists in the web management interface of D-Link DIR-816 routers, specifically within the form2lansetup.cgi CGI script that handles LAN configuration. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), manifesting as a classic stack-based buffer overflow in the 'ip' parameter processing. The CGI script likely uses unsafe string handling functions (strcpy, sprintf, or similar) without proper bounds checking when parsing user-supplied IP address input. The DIR-816 is a residential-grade wireless router with embedded web server functionality. Affected CPE: cpe:2.3:o:d-link:dir-816_firmware:1.10cnb05:*:*:*:*:*:*:*. This firmware version represents legacy hardware that reached end-of-life status, meaning D-Link has terminated security patch development.

RemediationAI

D-Link has not released patches for this end-of-life product. Remediation options: (1) Hardware replacement: Discontinue use of DIR-816 v1.10CNB05 and deploy current-generation D-Link routers receiving active security support; (2) Network isolation: If hardware replacement is not immediately feasible, restrict network access to the router's web management interface using firewall rules, allowing management access only from trusted administrative networks; (3) Disable web management: If remote management is not required, disable HTTP/HTTPS web interface access and manage router via alternative methods (serial console, local only); (4) Monitor for exploitation: Implement intrusion detection signatures for attempts to access /goform/form2lansetup.cgi with malformed 'ip' parameters; (5) Firmware alternatives: Investigate third-party open-source firmware (OpenWrt, DD-WRT if supported) that may have security patches for this hardware line, though compatibility and stability should be thoroughly tested first.

CVE-2024-24321 CRITICAL POC
9.8 Feb 08

An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 pa

CVE-2025-45931 CRITICAL POC
9.8 Jun 30

An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via sy

CVE-2025-5623 CRITICAL POC
9.8 Jun 05

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 1.10CNB05 affecting the qosClassifier function's di

CVE-2025-5624 CRITICAL POC
9.8 Jun 05

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the QoSPortSet

CVE-2025-5622 CRITICAL POC
9.8 Jun 05

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 wireless router (version 1.10CNB05) affecting the 5

CVE-2022-43003 CRITICAL POC
9.8 Oct 26

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecur

CVE-2022-43002 CRITICAL POC
9.8 Oct 26

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/f

CVE-2022-43001 CRITICAL POC
9.8 Oct 26

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity func

CVE-2022-43000 CRITICAL POC
9.8 Oct 26

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/fo

CVE-2022-42998 CRITICAL POC
9.8 Oct 26

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd

CVE-2022-37130 CRITICAL POC
9.8 Aug 31

In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagn

CVE-2022-37125 CRITICAL POC
9.8 Aug 31

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. Rated critical severity

Share

CVE-2025-5630 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy