PT-2025-23877 · D Link · D-Link Dir-816
Pjqwudi
·
Published
2025-06-04
·
Updated
2025-06-05
·
CVE-2025-5624
CVSS v4.0
10
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-816 version 1.10CNB05
Description
The issue is related to a stack-based buffer overflow in the QoSPortSetup function of the /goform/QoSPortSetup file. This can be exploited remotely by manipulating the
port0 group, port0 remarker, ssid0 group, or ssid0 remarker arguments, leading to a denial of service. The vulnerability affects products that are no longer supported by the maintainer.Recommendations
As a temporary workaround, consider restricting access to the /goform/QoSPortSetup API endpoint until a patch is available.
Avoid using the
port0 group, port0 remarker, ssid0 group, or ssid0 remarker parameters in the affected API endpoint until the issue is resolved.
Ensure the router is not exposed to the internet and use a firewall to help mitigate potential attacks.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Memory Corruption
Stack Overflow
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
D-Link Dir-816