EUVD-2025-16940
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Description
A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Analysis
Critical stack-based buffer overflow vulnerability in D-Link DIR-816 1.10CNB05 affecting the qosClassifier function's dip_address/sip_address parameters. This unauthenticated, remotely exploitable flaw allows attackers to achieve complete system compromise (confidentiality, integrity, and availability impact). The vulnerability affects end-of-life products no longer receiving vendor support, with public exploit disclosure and confirmed proof-of-concept availability increasing real-world exploitation risk.
Technical Context
The vulnerability exists in the /goform/qosClassifier endpoint of D-Link DIR-816 (CPE: cpe:2.3:o:d-link:dir-816_firmware:1.10cnb05:*:*:*:*:*:*:*), a consumer-grade wireless router. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow. The qosClassifier function fails to properly validate the length of user-supplied input in the dip_address and sip_address parameters before copying them into fixed-size stack buffers. This lack of bounds checking allows attackers to overflow the stack, potentially overwriting saved return addresses and other critical data structures. The affected endpoint is accessible without authentication due to missing access control checks (contributing to CVSS AV:N/AC:L/PR:N), making this a particularly severe implementation flaw typical of legacy embedded device firmware.
Affected Products
D-Link DIR-816 firmware version 1.10CNB05 (CPE: cpe:2.3:o:d-link:dir-816_firmware:1.10cnb05:*:*:*:*:*:*:*). This is an end-of-life consumer wireless router; D-Link no longer provides security updates or technical support for this product line. No vendor advisory or patch availability exists due to product discontinuation. Organizations using this router model should verify their specific firmware version; any deployment of 1.10CNB05 or potentially earlier/contemporary firmware versions on DIR-816 hardware is affected.
Remediation
Immediate remediation options are severely limited due to end-of-life status: (1) **Hardware replacement**: Discontinue use of DIR-816 equipment and migrate to current-generation D-Link routers with active security support; (2) **Network isolation**: If immediate replacement is not feasible, isolate affected DIR-816 devices to restricted network segments with strict ingress/egress filtering, preventing internet-facing exposure; (3) **Access control**: Implement network-level access controls (firewall rules, ACLs) to block unauthorized access to the /goform/qosClassifier endpoint on port 80/443; (4) **Monitoring**: Deploy network intrusion detection signatures to monitor for exploitation attempts targeting this endpoint; (5) **No patch available**: D-Link will not release firmware patches for this end-of-life product. Firmware upgrades to newer DIR-816 versions (if available) should be evaluated but are not guaranteed to address this vulnerability without vendor confirmation. Do NOT rely on workarounds as a long-term solution—replacement is the only permanent fix.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today