PT-2025-23875 · D-Link · D-Link Dir-816

Pjqwudi · Published 2025-06-03 · Updated 2025-07-01 · CVE-2025-5623

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 version 1.10CNB05

Description: A critical vulnerability was found in the D-Link DIR-816, affecting the qosClassifier function of the file /goform/qosClassifier. Manipulation of the dip address and sip address arguments leads to a stack-based buffer overflow. This issue can be exploited remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Recommendations: As a temporary workaround, consider disabling the qosClassifier function until a patch is available. Restrict access to the /goform/qosClassifier endpoint to minimize the risk of exploitation. Avoid using the dip address and sip address parameters in the affected API endpoint until the issue is resolved. Replace unsupported devices and update immediately with the latest vendor release.
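One way to apply the "restrict access to the endpoint" recommendation on a reverse proxy placed in front of an unsupported device, as an added example (not vendor or advisory code): requests to /goform/qosClassifier are only forwarded when the dip/sip values are short, well-formed IPv4 literals. The parameter names dip_address and sip_address and the proxy hook are assumptions; the advisory only names the arguments informally.

```python
"""Defensive request filter for the DIR-816 /goform/qosClassifier issue.

Added example, not vendor code. Assumes the overflow is reached through
query or form parameters named dip_address and sip_address (the advisory only
says "dip address" and "sip address", so the exact names are an assumption)
and that a reverse proxy in front of the device calls check_request() first.
"""
import ipaddress
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/qosClassifier"
WATCHED = ("dip_address", "sip_address")  # assumed parameter names
MAX_LEN = 15                              # longest dotted-quad IPv4 literal

def classify_value(name, value):
    """Return None if value is an acceptable IPv4 literal, else a reason."""
    if len(value) > MAX_LEN:
        return f"{name}: {len(value)} bytes exceeds {MAX_LEN}"
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return f"{name}: not a valid IPv4 address"
    return None

def check_request(method, target, body=""):
    """Decide whether to forward a request to the device.

    Returns (allow, reasons). Other paths pass untouched; for the vulnerable
    endpoint every watched parameter in the query string and, for POST, in
    the form body must be a short, well-formed IPv4 address.
    """
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return True, []
    params = parse_qs(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    reasons = [r for name in WATCHED for v in params.get(name, [])
               if (r := classify_value(name, v))]
    return not reasons, reasons

if __name__ == "__main__":
    # Constructed sample requests (not real captures): one benign, one oversized.
    benign = ("POST", ENDPOINT, "dip_address=192.168.0.10&sip_address=10.0.0.5")
    oversized = ("POST", ENDPOINT, "dip_address=" + "X" * 300 + "&sip_address=10.0.0.5")
    for req in (benign, oversized):
        print(check_request(*req))
```

Any rejected request should also be logged with the client address, since a burst of oversized or malformed dip/sip values against this endpoint is the signal defenders would want to alert on.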

Exploit · Fix

Tags: Memory Corruption, Stack Overflow, Buffer Overflow

Weakness Enumeration

Related Identifiers: BDU:2025-06437, CVE-2025-5623

Affected Products: D-Link Dir-816