Critical D-Link Router Flaws Allow Remote Code Execution by Attackers
A series of critical security vulnerabilities have been identified in D-Link DIR-816 routers, exposing users worldwide to the risk of remote code execution and network compromise.
The flaws affect all hardware revisions and firmware versions of the DIR-816 (non-US), which has reached its End of Life (EOL) and End of Service Life (EOS), meaning no further security updates or technical support will be provided.
Details of the Vulnerabilities
Security researcher pjqwudi, in disclosures published on June 4 and 5, 2025, revealed six major vulnerabilities impacting the DIR-816.
These include four stack-based buffer overflows and two OS command injection flaws, all of which are remotely exploitable and do not require authentication1.
Table: Summary of D-Link DIR-816 Vulnerabilities
| CVE ID | Vulnerability Type | CVSS Score | Severity |
| CVE-2025-5622 | Stack-based Buffer Overflow | 9.8 | CRITICAL |
| CVE-2025-5623 | Stack-based Buffer Overflow | 9.8 | CRITICAL |
| CVE-2025-5624 | Stack-based Buffer Overflow | 9.8 | CRITICAL |
| CVE-2025-5630 | Stack-based Buffer Overflow | 9.8 | CRITICAL |
| CVE-2025-5620 | OS Command Injection | 7.3 | HIGH |
| CVE-2025-5621 | OS Command Injection | 7.3 | HIGH |
Buffer overflow vulnerabilities allow attackers to overwrite memory, potentially taking full control of the device.
Command injection flaws enable execution of arbitrary system commands, further increasing the risk of complete device compromise.
Exploitation of these vulnerabilities could allow attackers to:
- Gain full administrative control over the router
- Intercept and manipulate network traffic
- Deploy malware or persistent backdoors
- Use compromised routers as a foothold into connected networks
D-Link has confirmed that the DIR-816 is no longer supported, and no firmware updates will be released to address these flaws. As a result, the company strongly urges all users to:
- Immediately retire and replace the DIR-816 router
- Transition to a current-generation product with active support
- Back up all important data
- If continued use is unavoidable, ensure the device has the latest available firmware, use strong, unique passwords, and enable Wi-Fi encryption1
Continuing to use the DIR-816 exposes users to significant security risks. D-Link emphasizes that the safest course of action is to remove these devices from all networks as soon as possible.
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates
Source link
