Primary

Context

D-Link DIR-816 Stack-Based Buffer Overflow Vulnerability in QoSPortSetup Function

Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the D-Link DIR-816 router, specifically in the 1.10CNB05 firmware version. The issue arises in the QoSPortSetup function within the file /goform/QoSPortSetup. The vulnerability can be exploited remotely, without authentication, by manipulating the port0_group, port0_remarker, ssid0_group, and ssid0_remarker parameters. This exploitation leads to a crash of the router, causing a denial of service.

Impact

Exploitation of this vulnerability causes the router to crash, disrupting its normal service and availability.

Reproduction

To reproduce this vulnerability, send a POST request to the /goform/QoSPortSetup endpoint. Include a long string in the port0_group parameter to overflow the buffer. The router will crash as a result.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.1

threat

6.5

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.1

threat

6.5

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

D-Link DIR-816 Stack-Based Buffer Overflow Vulnerability in QoSPortSetup Function

Vulnerability

Impact

Reproduction

Affected Products

D-Link DIR-816

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating