Executive Summary

Title D-Link routers contain buffer overflow vulnerability
Name VU#332115 First vendor Publication 2016-08-11
Vendor VU-CERT Last vendor Modification 2016-08-12
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Vulnerability Note VU#332115

D-Link routers contain buffer overflow vulnerability

Original Release date: 11 Aug 2016 | Last revised: 12 Aug 2016


D-Link DIR routers contain a stack-based buffer overflow vulnerability, which may allow a remote attack to execute arbitrary code.


CWE-121: Stack-based Buffer Overflow - CVE-2016-5681

A stack-based buffer overflow occurs in the function within the cgibin binary which validates the session cookie.
This function is used by a service which is exposed to the WAN network on port 8181 by default.

CVE-2016-5681 has been confirmed to affect:

  • DIR-850L B1
  • DIR-822 A1
  • DIR-823 A1
  • DIR-895L A1
  • DIR-890L A1
  • DIR-885L A1
  • DIR-880L A1
  • DIR-868L B1
  • DIR-868L C1
  • DIR-817L(W)
  • DIR-818L(W)


This function allows a buffer overflow condition in which arbitrary code may be executed. The impact may vary depending on if the use case is local or remote.


Apply Updates

D-Link has provided firmware updates for the affected devices. Please see their public advisory for links to the updated firmware.

Restrict Access

As a general good security practice, only allow connections from trusted hosts and networks

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
D-Link Systems, Inc.Affected07 Jul 201609 Aug 2016
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)



  • https://cwe.mitre.org/data/definitions/121.html
  • http://support.dlink.com/
  • http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063


Thanks to Daniel Romero @daniel_rome (NCC Group) for reporting this vulnerability.

This document was written by Trent Novelly.

Other Information

  • CVE IDs:CVE-2016-5681
  • Date Public:11 Aug 2016
  • Date First Published:11 Aug 2016
  • Date Last Updated:12 Aug 2016
  • Document Revision:15


If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/332115

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Hardware 1
Os 1
Os 1
Os 5
Os 2
Os 1
Os 1
Os 1

Alert History

If you want to see full details history, please login or register.
Date Informations
2016-08-27 00:26:04
  • Multiple Updates
2016-08-26 05:20:04
  • Multiple Updates
2016-08-12 21:23:33
  • Multiple Updates
2016-08-11 21:22:44
  • First insertion