EUVD-2025-16943

| CVE-2025-5620 HIGH
2025-06-05 [email protected]
7.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Mar 14, 2026 - 17:53 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 17:53 euvd
EUVD-2025-16943
PoC Detected
Jun 06, 2025 - 15:42 vuln.today
Public exploit code
CVE Published
Jun 05, 2025 - 00:15 nvd
HIGH 7.3

Tags

Command Injection D-Link RCE Ipsec Dir 816 Firmware

Description

A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

A critical remote code execution vulnerability exists in D-Link DIR-816 firmware version 1.10CNB05, allowing unauthenticated attackers to execute arbitrary OS commands via the /goform/setipsec_config endpoint by manipulating localIP or remoteIP parameters. The vulnerability has a publicly disclosed proof-of-concept exploit and affects end-of-life hardware no longer receiving security updates from D-Link, creating significant risk for deployed instances.

Technical Context

The vulnerability is classified as CWE-77 (Improper Neutralization of Special Elements used in a Command), which represents insufficient input validation in command construction. The affected device is a D-Link DIR-816 wireless router running firmware version 1.10CNB05. The vulnerable function 'setipsec_config' in /goform/setipsec_config endpoint processes IPSec configuration parameters (localIP and remoteIP) without proper sanitization before passing them to shell command execution. This is a classic OS command injection vulnerability where user-controlled input reaches system() or equivalent calls without escaping shell metacharacters. The CPE context would be: cpe:2.3:o:d-link:dir-816_firmware:1.10cnb05:*:*:*:*:*:*:*

Affected Products

DIR-816 (['1.10CNB05'])

Remediation

primary_mitigation: Replace affected D-Link DIR-816 devices with current-generation routers receiving active security support; rationale: No firmware patch will be released for EOL devices; replacement is the only permanent remediation network_isolation: Restrict network access to router administration interfaces; disable remote management features; isolate router from untrusted networks; rationale: Reduces attack surface while replacement is planned access_control: If remote management is required, implement network segmentation via VPN or firewall rules limiting access to IPSec configuration endpoints; rationale: Reduces exposure even if vulnerability exists monitoring: Monitor router logs for suspicious requests to /goform/setipsec_config endpoint with unusual IP address patterns or shell metacharacters; rationale: Early detection of exploitation attempts workaround: Disable IPSec functionality in router if not required; disable web-based administration interface and use only local console; rationale: Eliminates attack vector if feature not in use

Priority Score

57
Low Medium High Critical
KEV: 0
EPSS: +1.0
CVSS: +36
POC: +20

Share

EUVD-2025-16943 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy