EUVD-2025-16941

CVE-2025-5622 | CRITICAL | CVSS 3.1: 9.8 | 2025-06-05

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 17:53 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 17:53 (euvd), EUVD-2025-16941
PoC Detected: Jun 06, 2025 - 15:42 (vuln.today), public exploit code
CVE Published: Jun 05, 2025 - 00:15 (nvd), CRITICAL 9.8

Description

A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 wireless router (version 1.10CNB05) affecting the 5GHz wireless configuration interface. An unauthenticated remote attacker can exploit improper input validation in the wirelessApcli_5g function to achieve complete system compromise including arbitrary code execution, data theft, and service disruption. Public exploit code exists and the affected product line is end-of-life, creating significant risk for unpatched deployments.

Technical Context

The vulnerability exists in the web management interface of D-Link DIR-816 routers, specifically in the /goform/wirelessApcli_5g endpoint. This endpoint handles 5GHz wireless AP client mode configuration parameters (apcli_mode_5g, apcli_enc_5g, apcli_default_key_5g). The underlying issue is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), manifesting as a stack-based buffer overflow. When processing user-supplied wireless configuration parameters, the application fails to properly validate input length before copying data into fixed-size stack buffers. The wireless configuration subsystem directly passes unsanitized user input to string manipulation functions without bounds checking, allowing attackers to overflow adjacent stack memory. This is typical of legacy embedded device firmware that lacks modern secure coding practices and memory protection mechanisms (ASLR, stack canaries).

Affected Products

D-Link DIR-816, firmware version 1.10CNB05

Remediation

Primary Remediation: Retire affected hardware. Since DIR-816 1.10CNB05 is EOL, no official patches exist. Organizations should plan immediate replacement with supported router models receiving active security updates.

Interim Mitigation: Network segmentation and access control. If immediate replacement is impossible:
(1) Disable remote management access: turn off the WAN-accessible web interface (HTTP/HTTPS management from the WAN side);
(2) Restrict to LAN-only management via strong firewall rules;
(3) Change default administrative credentials to complex passwords;
(4) Isolate the router management network from guest/untrusted networks;
(5) Monitor for suspicious management interface access attempts.

Detection: Monitor for exploitation attempts. Log access to the /goform/wirelessApcli_5g endpoint. Monitor HTTP requests containing unusual lengths or binary data in the apcli_mode_5g, apcli_enc_5g, or apcli_default_key_5g parameters. Monitor for unexpected router restarts or configuration changes.

Vendor Advisory: Check D-Link security advisories. D-Link has not released security patches for EOL DIR-816 hardware. Users should verify that no firmware updates are available via the D-Link support portal and assume permanent vulnerability.
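The detection guidance above can be turned into a small check over captured HTTP requests, for example on a proxy or sensor in front of the management interface. This is an added example, not code from the advisory or from D-Link; the function name, the 64-byte threshold and the sample requests are assumptions chosen for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/goform/wirelessApcli_5g"   # endpoint named in the advisory
WATCHED = ("apcli_mode_5g", "apcli_enc_5g", "apcli_default_key_5g")
MAX_LEN = 64                            # assumed threshold, not from the advisory


def inspect_request(raw: bytes) -> list:
    """Return findings for one captured HTTP request; an empty list means no match."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2:
        return []
    method, url = parts[0], urlsplit(parts[1])
    if url.path != ENDPOINT:
        return []
    findings = [f"{method} request to {ENDPOINT}"]  # every access is worth logging
    # Parameters can arrive in the query string or in the form body. latin-1 maps
    # each byte to one character, so len(value) equals the decoded byte count.
    pairs = parse_qsl(url.query, keep_blank_values=True, encoding="latin-1")
    pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True, encoding="latin-1")
    for name, value in pairs:
        if name not in WATCHED:
            continue
        if len(value) > MAX_LEN:
            findings.append(f"{name}: length {len(value)} exceeds {MAX_LEN}")
        if any(not 0x20 <= ord(ch) <= 0x7E for ch in value):
            findings.append(f"{name}: contains non-printable bytes")
    return findings


# Constructed sample requests (not captured traffic; parameter values are made up).
HDR = b"POST /goform/wirelessApcli_5g HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"
ROUTINE = HDR + b"apcli_mode_5g=WPA2PSK&apcli_enc_5g=AES&apcli_default_key_5g=1"
OVERSIZED = HDR + b"apcli_enc_5g=" + b"A" * 300
BINARY = HDR + b"apcli_default_key_5g=%01%ffabc"
OTHER = b"GET /index.html HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("routine", ROUTINE), ("oversized", OVERSIZED),
                       ("binary", BINARY), ("other", OTHER)]:
        print(label, inspect_request(req))
```

Tune MAX_LEN against the longest values seen in legitimate configuration changes on the device, since the advisory does not state the buffer size.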

Priority Score

69
KEV: 0
EPSS: +0.3
CVSS: +49
POC: +20
