What critical vulnerabilities were discovered in D-Link DIR-816 routers?

Security researchers discovered six critical vulnerabilities in D-Link DIR-816 routers that could allow attackers to achieve complete remote code execution without authentication. Four vulnerabilities (CVE-2025-5622, CVE-2025-5623, CVE-2025-5624, CVE-2025-5630) are stack-based buffer overflows with CVSS scores of 9.8, and two vulnerabilities (CVE-2025-5620, CVE-2025-5621) are OS command injections with CVSS scores of 7.3.

How severe are these D-Link DIR-816 vulnerabilities?

These are extremely severe vulnerabilities. Four of them have CVSS scores of 9.8 out of 10, indicating maximum severity, while two have scores of 7.3, still considered high. All vulnerabilities can be exploited remotely without requiring authentication, making them particularly dangerous.

What are stack-based buffer overflow vulnerabilities?

Stack-based buffer overflow vulnerabilities allow attackers to overwrite memory locations on the device's stack, potentially enabling them to inject malicious code and gain complete control over the affected devices. Four of the DIR-816 vulnerabilities are this type.

What are OS command injection vulnerabilities?

OS command injection vulnerabilities allow attackers to execute arbitrary system commands on the target device. Two of the DIR-816 vulnerabilities (CVE-2025-5620 and CVE-2025-5621) are this type, affecting the setipsec_config and qosClassifier functions respectively.

Which specific functions in the DIR-816 firmware are vulnerable?

The vulnerable functions include wirelessApcli_5g function, qosClassifier function, QoSPortSetup function, form2lansetup.cgi, and setipsec_config function. These functions contain either stack-based buffer overflows or OS command injection vulnerabilities.

What immediate actions should DIR-816 users take?

Users should immediately discontinue using their DIR-816 routers and replace them with newer router models that receive active security updates. If immediate replacement is not possible, users should disconnect the router from the internet and implement additional network security measures until a replacement can be obtained.

Are there any temporary mitigation measures for DIR-816 users?

Since no patches will be released and the vulnerabilities are remotely exploitable without authentication, there are no effective temporary mitigation measures. The only secure solution is to replace the DIR-816 router with a supported device that receives regular security updates.

How do I know if I have a D-Link DIR-816 router?

Check the model number printed on the label on your router device. The model number should read 'DIR-816'. You can also check your router's administration interface, which typically displays the model information on the main dashboard or system information page.

Why did D-Link discontinue support for the DIR-816?

The DIR-816 router reached its End of Life (EOL) and End of Service Life (EOS) status on November 10, 2023. This is a normal product lifecycle process where manufacturers discontinue support for older hardware to focus resources on current-generation products with modern security features and capabilities.

Advisory

Critical flaws reported in end-of-life D-Link DIR-816 routers

Q: What can attackers do if they exploit these D-Link router vulnerabilities?

Successful exploitation could enable attackers to gain full administrative control over affected routers, intercept and manipulate network traffic passing through the devices, deploy malware or establish persistent backdoors for long-term access, and use compromised routers as launching points for attacks against other devices on connected networks.

Q: Will D-Link release patches for these DIR-816 vulnerabilities?

No, D-Link will not release any security patches for these vulnerabilities. The DIR-816 router reached its End of Life (EOL) and End of Service Life (EOS) status on November 10, 2023, meaning no security patches or technical support will be provided.

Q: What does D-Link recommend for DIR-816 router users?

D-Link has issued a strong recommendation for all users to immediately retire and replace their DIR-816 routers with current-generation products that maintain active firmware development and customer support.

published: June 30, 2025

Take action: If you have a D-Link DIR-816 router, be aware that it's critically vulnerable with no security patches ever coming since it's end-of-life. Immediately replace it with a router model that still receives security updates - don't wait as these flaws allow complete remote takeover without any authentication.

Learn More

Security researchers are reporting a series of critical vulnerabilities affecting D-Link DIR-816 routers that could allow attackers to achieve complete remote code execution without requiring authentication.

Vulnerability summary:

CVE-2025-5622 (CVSS score 9.8) - Stack-based buffer overflow in wirelessApcli_5g function
CVE-2025-5623 (CVSS score 9.8) - Stack-based buffer overflow in qosClassifier function
CVE-2025-5624 (CVSS score 9.8) - Stack-based buffer overflow in QoSPortSetup function
CVE-2025-5630 (CVSS score 9.8) - Stack-based buffer overflow in form2lansetup.cgi
CVE-2025-5620 (CVSS score 7.3) - OS command injection in setipsec_config function
CVE-2025-5621 (CVSS score 7.3) - OS command injection in qosClassifier function

The four stack-based buffer overflow vulnerabilities allow attackers to overwrite memory locations and potentially gain complete control over the affected devices.

The affected router model has reached its End of Life (EOL) and End of Service Life (EOS). This means no security patches or technical support will be provided to address these vulnerabilities.

Successful exploitation of these vulnerabilities could enable attackers to gain full administrative control over affected routers, intercept and manipulate network traffic passing through the devices, deploy malware or establish persistent backdoors for long-term access, and use compromised routers as launching points for attacks against other devices on connected networks.

D-Link has confirmed that the DIR-816 router reached its End of Life status on November 10, 2023, and will not receive any firmware updates to address these critical vulnerabilities. The company has issued a strong recommendation for all users to immediately retire and replace their DIR-816 routers with current-generation products that maintain active firmware development and customer support.

Critical flaws reported in end-of-life D-Link DIR-816 routers

Read More
Trend Micro fixes 15 flaws, at least six …
CISA warns of critical Fortinet RCE actively exploited
Unpatched command Injection flaw reported in Trendnet TEW-713RE …
Cisco releases patches for two critical flaws in …
Critical Authentication Bypass and Smuggling Flaws Impact Siemens …