Vulnerability Note VU#332115

D-Link routers contain buffer overflow vulnerability

Original Release date: 11 Aug 2016 | Last revised: 12 Aug 2016


D-Link DIR routers contain a stack-based buffer overflow vulnerability, which may allow a remote attack to execute arbitrary code.


CWE-121: Stack-based Buffer Overflow - CVE-2016-5681

A stack-based buffer overflow occurs in the function within the cgibin binary which validates the session cookie.
This function is used by a service which is exposed to the WAN network on port 8181 by default.

CVE-2016-5681 has been confirmed to affect:

    • DIR-850L B1
    • DIR-822 A1
    • DIR-823 A1
    • DIR-895L A1
    • DIR-890L A1
    • DIR-885L A1
    • DIR-880L A1
    • DIR-868L B1
    • DIR-868L C1
    • DIR-817L(W)
    • DIR-818L(W)


This function allows a buffer overflow condition in which arbitrary code may be executed. The impact may vary depending on if the use case is local or remote.


Apply Updates
D-Link has provided firmware updates for the affected devices. Please see their public advisory for links to the updated firmware.

Restrict Access

As a general good security practice, only allow connections from trusted hosts and networks

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
D-Link Systems, Inc.Affected07 Jul 201609 Aug 2016
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal 8.4 E:POC/RL:ND/RC:C
Environmental 6.3 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND



Thanks to Daniel Romero @daniel_rome (NCC Group) for reporting this vulnerability.

This document was written by Trent Novelly.

Other Information

  • CVE IDs: CVE-2016-5681
  • Date Public: 11 Aug 2016
  • Date First Published: 11 Aug 2016
  • Date Last Updated: 12 Aug 2016
  • Document Revision: 15


If you have feedback, comments, or additional information about this vulnerability, please send us email.