CVE-2025-5623

CWE-119Buffer OverflowCWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write4 documents4 sources
Severity
9.3CRITICAL
EPSS
3.6%
top 12.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
D-link Dir-816Dlink Dir-816 Firmware
Timeline
PublishedJun 5
Latest updateJan 27

Description

A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5d-link/dir-8161.10CNB05
NVDdlink/dir-816_firmware1.10cnb05

🔴Vulnerability Details

2
GHSA
GHSA-v8p3-7jrm-c3rr: A vulnerability was found in D-Link DIR-816 12025-06-05
CVEList
D-Link DIR-816 qosClassifier stack-based overflow2025-06-05

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS D-Link qosClassifier Multiple Parameters Buffer Overflow Attempt (CVE-2025-5623)2026-01-27