What is the CVSS score of EUVD-2025-16942?

EUVD-2025-16942 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. EPSS exploitation probability: 1.0%.

Which versions of Dir 816 Firmware are affected by EUVD-2025-16942?

D-Link DIR-816 routers running firmware 1.10CNB05 contain a critical remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands.

Is there a public PoC exploit available for EUVD-2025-16942?

Yes, a public proof-of-concept exploit is available for EUVD-2025-16942. Prioritise patching immediately. EPSS: 1.0%.

How to fix or mitigate EUVD-2025-16942?

Within 24 hours: Inventory all D-Link DIR-816 devices and isolate affected units from production networks if possible. Within 7 days: Implement network segmentation to restrict administrative access to affected devices and deploy WAF rules blocking requests to /goform/qosClassifier. Within 30 days: Develop and execute a replacement plan for all DIR-816 units with supported hardware, establishing a target decommission date.

Dir 816 Firmware EUVD-2025-16942

| CVE-2025-5621 HIGH

Command Injection (CWE-77)

2025-06-05 cna@vuldb.com

RCE Command Injection D-Link Remote Code Execution Dir 816 Firmware

7.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 17:53 euvd

EUVD-2025-16942

Analysis Generated

Mar 14, 2026 - 17:53 vuln.today

PoC Detected

Jun 06, 2025 - 15:42 vuln.today

Public exploit code

CVE Published

Jun 05, 2025 - 00:15 nvd

HIGH 7.3

DescriptionNVD

A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

A command injection vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.

Technical ContextAI

CWE-77 (Command Injection). CVSS 7.3 indicates high severity. Affects A vulnerability.

RemediationAI

Monitor vendor channels for patch availability. Implement input validation and WAF rules as interim mitigation.

More from same product – last 7 days

CVE-2026-4377 MEDIUM This Month

6.0 May 28

Weak default credential generation in the D-Link DWR-X1820 router exposes administrative access to adjacent-network atta

EUVD-2025-16942 vulnerability details – vuln.today

Back