search menu icon-carat-right cmu-wordmark

CERT Coordination Center

D-Link routers contain buffer overflow vulnerability

Vulnerability Note VU#332115

Original Release Date: 2016-08-11 | Last Revised: 2016-08-12


D-Link DIR routers contain a stack-based buffer overflow vulnerability, which may allow a remote attack to execute arbitrary code.


CWE-121: Stack-based Buffer Overflow - CVE-2016-5681

A stack-based buffer overflow occurs in the function within the cgibin binary which validates the session cookie.
This function is used by a service which is exposed to the WAN network on port 8181 by default.

CVE-2016-5681 has been confirmed to affect:

    • DIR-850L B1
    • DIR-822 A1
    • DIR-823 A1
    • DIR-895L A1
    • DIR-890L A1
    • DIR-885L A1
    • DIR-880L A1
    • DIR-868L B1
    • DIR-868L C1
    • DIR-817L(W)
    • DIR-818L(W)


This function allows a buffer overflow condition in which arbitrary code may be executed. The impact may vary depending on if the use case is local or remote.


Apply Updates
D-Link has provided firmware updates for the affected devices. Please see their public advisory for links to the updated firmware.

Restrict Access

As a general good security practice, only allow connections from trusted hosts and networks

Vendor Information


D-Link Systems, Inc. Affected

Notified:  July 07, 2016 Updated: August 09, 2016



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group Score Vector
Base 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal 8.4 E:POC/RL:ND/RC:C
Environmental 6.3 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND



Thanks to Daniel Romero @daniel_rome (NCC Group) for reporting this vulnerability.

This document was written by Trent Novelly.

Other Information

CVE IDs: CVE-2016-5681
Date Public: 2016-08-11
Date First Published: 2016-08-11
Date Last Updated: 2016-08-12 19:04 UTC
Document Revision: 17

Sponsored by CISA.