
CERT Coordination Center

D-Link routers contain buffer overflow vulnerability

Vulnerability Note VU#332115

Original Release Date: 2016-08-11 | Last Revised: 2016-08-12


D-Link DIR routers contain a stack-based buffer overflow vulnerability, which may allow a remote attacker to execute arbitrary code.


CWE-121: Stack-based Buffer Overflow - CVE-2016-5681

A stack-based buffer overflow occurs in the session-cookie validation function within the cgibin binary.
This function is used by a service that is exposed to the WAN on port 8181 by default.
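The note does not publish the affected code, so the following is an added illustration of the bug class (CWE-121) in a session-cookie validator, not the D-Link cgibin code: the cookie name `uid`, the 32-character hex session-id format and the function names are assumptions. The unsafe form copies an attacker-controlled header value into a fixed-size stack buffer with no length check; the hardened form measures the value first, rejects anything that does not fit, and only then copies.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical session-id format: exactly 32 hex characters (assumption). */
#define SESSION_ID_LEN 32

/* Unsafe pattern (CWE-121): the value of the "uid" cookie is copied into a
 * fixed-size stack buffer with strcpy(). A value longer than the buffer
 * overwrites adjacent stack data. Shown for contrast only; never call this
 * with untrusted input. */
int validate_session_unsafe(const char *cookie_header)
{
    char session_id[SESSION_ID_LEN + 1];
    const char *p = strstr(cookie_header, "uid=");
    if (p == NULL)
        return 0;
    strcpy(session_id, p + 4);          /* no bound check on the copy */
    return strlen(session_id) == SESSION_ID_LEN;
}

/* Hardened form: determine the length of the cookie value (up to the ';'
 * delimiter) before copying, reject anything that is not exactly the
 * expected size, and validate the character set. Returns 1 if the cookie
 * carries a well-formed session id, 0 otherwise. */
int validate_session_safe(const char *cookie_header)
{
    char session_id[SESSION_ID_LEN + 1];
    const char *p = strstr(cookie_header, "uid=");
    if (p == NULL)
        return 0;
    p += 4;
    size_t n = strcspn(p, ";");         /* length of the value up to ';' */
    if (n != SESSION_ID_LEN)
        return 0;                       /* too short or too long: reject */
    memcpy(session_id, p, n);           /* bounded copy, fits by construction */
    session_id[n] = '\0';
    for (size_t i = 0; i < n; i++) {
        if (!isxdigit((unsigned char)session_id[i]))
            return 0;                   /* not a hex session id */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample headers: one well-formed, one oversized. */
    const char *good = "lang=en; uid=0123456789abcdef0123456789abcdef; theme=dark";
    const char *oversized = "uid=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
    printf("good: %d\n", validate_session_safe(good));           /* 1 */
    printf("oversized: %d\n", validate_session_safe(oversized)); /* 0 */
    return 0;
}
```

The essential difference is that the hardened function derives the copy length from the buffer's capacity and the declared format, never from the input, so an oversized cookie is rejected before any write to the stack buffer happens.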

CVE-2016-5681 has been confirmed to affect:

    • DIR-850L B1
    • DIR-822 A1
    • DIR-823 A1
    • DIR-895L A1
    • DIR-890L A1
    • DIR-885L A1
    • DIR-880L A1
    • DIR-868L B1
    • DIR-868L C1
    • DIR-817L(W)
    • DIR-818L(W)


This function allows a buffer overflow condition in which arbitrary code may be executed. The impact may vary depending on whether the attack is local or remote.


Apply Updates
D-Link has provided firmware updates for the affected devices. Please see their public advisory for links to the updated firmware.

Restrict Access

As a general good security practice, only allow connections from trusted hosts and networks.

Vendor Information

Affected   Unknown   Unaffected

D-Link Systems, Inc.

Notified: July 07, 2016 | Updated: August 09, 2016



Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group          Score   Vector
Base           9.3     AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal       8.4     E:POC/RL:ND/RC:C
Environmental  6.3     CDP:ND/TD:M/CR:ND/IR:ND/AR:ND
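As an added worked example (not part of the original note), the following reproduces the three scores above from their vectors using the published CVSS v2.0 equations and metric weights, so a reader can see how 9.3, 8.4 and 6.3 follow from AV:N/AC:M/Au:N/C:C/I:C/A:C, E:POC/RL:ND/RC:C and CDP:ND/TD:M/CR:ND/IR:ND/AR:ND. The struct layout and function names are this example's own.

```c
#include <stdio.h>

/* CVSS v2.0 metric weights (from the CVSS v2 specification):
 *   AV: L=0.395 A=0.646 N=1.0      AC: H=0.35 M=0.61 L=0.71
 *   Au: M=0.45 S=0.56 N=0.704      C/I/A: N=0.0 P=0.275 C=0.660
 *   E: U=0.85 POC=0.9 F=0.95 H=1.0 ND=1.0   RL: OF=0.87 TF=0.90 W=0.95 U=1.0 ND=1.0
 *   RC: UC=0.90 UR=0.95 C=1.0 ND=1.0
 *   CDP: N=0 L=0.1 LM=0.3 MH=0.4 H=0.5 ND=0   TD: N=0 L=0.25 M=0.75 H=1.0 ND=1.0
 *   CR/IR/AR: L=0.5 M=1.0 H=1.51 ND=1.0 */
typedef struct {
    double av, ac, au, c, i, a;   /* base metrics */
    double e, rl, rc;             /* temporal metrics */
    double cdp, td, cr, ir, ar;   /* environmental metrics */
} cvss2;

/* Round a non-negative score to one decimal place (no libm needed). */
static double round1(double x)
{
    return (double)(long)(x * 10.0 + 0.5) / 10.0;
}

static double impact(double c, double i, double a)
{
    return 10.41 * (1.0 - (1.0 - c) * (1.0 - i) * (1.0 - a));
}

/* BaseScore = round1(((0.6*Impact) + (0.4*Exploitability) - 1.5) * f(Impact)) */
static double base_from_impact(const cvss2 *m, double imp)
{
    double exploitability = 20.0 * m->av * m->ac * m->au;
    double f = (imp == 0.0) ? 0.0 : 1.176;
    return round1((0.6 * imp + 0.4 * exploitability - 1.5) * f);
}

double cvss2_base(const cvss2 *m)
{
    return base_from_impact(m, impact(m->c, m->i, m->a));
}

/* TemporalScore = round1(BaseScore * E * RL * RC) */
double cvss2_temporal(const cvss2 *m)
{
    return round1(cvss2_base(m) * m->e * m->rl * m->rc);
}

/* EnvironmentalScore = round1((AdjustedTemporal + (10 - AdjustedTemporal)*CDP) * TD),
 * where AdjustedTemporal is the temporal score recomputed with the impact
 * re-weighted by CR/IR/AR and capped at 10. */
double cvss2_environmental(const cvss2 *m)
{
    double adj_imp = impact(m->c * m->cr, m->i * m->ir, m->a * m->ar);
    if (adj_imp > 10.0)
        adj_imp = 10.0;
    double adj_base = base_from_impact(m, adj_imp);
    double adj_temp = round1(adj_base * m->e * m->rl * m->rc);
    return round1((adj_temp + (10.0 - adj_temp) * m->cdp) * m->td);
}

/* The vectors from this note, translated into weights:
 * AV:N AC:M Au:N C:C I:C A:C | E:POC RL:ND RC:C | CDP:ND TD:M CR:ND IR:ND AR:ND */
const cvss2 vu332115 = {
    1.0, 0.61, 0.704, 0.660, 0.660, 0.660,
    0.9, 1.0, 1.0,
    0.0, 0.75, 1.0, 1.0, 1.0
};

int main(void)
{
    printf("Base          %.1f\n", cvss2_base(&vu332115));          /* 9.3 */
    printf("Temporal      %.1f\n", cvss2_temporal(&vu332115));      /* 8.4 */
    printf("Environmental %.1f\n", cvss2_environmental(&vu332115)); /* 6.3 */
    return 0;
}
```

The temporal score drops the base from 9.3 to 8.4 only because of E:POC (0.9); RL:ND and RC:C both weigh 1.0. The environmental score of 6.3 comes entirely from TD:M (0.75) scaling the adjusted temporal score, since CDP:ND contributes nothing and the ND requirement ratings leave the impact unchanged.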



Thanks to Daniel Romero @daniel_rome (NCC Group) for reporting this vulnerability.

This document was written by Trent Novelly.

Other Information

CVE IDs: CVE-2016-5681
Date Public: 2016-08-11
Date First Published: 2016-08-11
Date Last Updated: 2016-08-12 19:04 UTC
Document Revision: 15

Sponsored by CISA.