CRITICAL🇵🇱 Wersja polska

CVE-2025-45931

CVSS 9.8v3.1pub. 2025-06-30upd. 2026-07-05

An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file

🤖 AI Analysis
How it works

The issue concerns the bin/goahead binary file, which is the device's embedded web server. The vulnerability is classified as command injection (CWE-77) — this means that input data passed to the system() function is not properly filtered or validated. An attacker can craft an appropriate network request containing a malicious payload that will be executed by the system shell with the privileges of the web server process.

Impact

An attacker gains the ability to remotely execute arbitrary code (RCE) on the device without any authentication, which may lead to complete takeover of the router, including violation of confidentiality, integrity, and availability of the device and the supported network.

Mitigation & patch

Apply patches available from the manufacturer according to references (https://www.dlink.com/en/security-bulletin/). Until an update is released, it is recommended to restrict access to the device's administrative interface only to trusted hosts and block access from the public network (e.g., through a firewall or network configuration change).

Who is affected

D-Link DIR-816-A2 with firmware version DIR-816A2_FWv1.10CNB05_R1B011D88210

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dir 816

    HW
    Dlink
    a2
  • Dlink Dir 816 Firmware

    OS
    Dlink
    1.10cnb05_r1b011d88210
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-5624CRITICAL9.3PL ✓ten sam produkt

Stack-based buffer overflow w D-Link DIR-816 — funkcja QoSPortSetup

CVE-2025-5630CRITICAL9.3PL ✓ten sam produkt

D-Link DIR-816: Stack-based buffer overflow w /goform/form2lansetup.cgi

CVE-2025-5623CRITICAL9.3PL ✓ten sam produkt

Stack-based buffer overflow w D-Link DIR-816 – funkcja qosClassifier

CVE-2025-5622CRITICAL9.3PL ✓ten sam produkt

Stack-based buffer overflow w D-Link DIR-816 — zdalny atak bez uwierzytelnienia

CVE-2024-57684CRITICAL9.8PL ✓ten sam produkt

D-Link DIR-816: nieautoryzowana zmiana konfiguracji DMZ przez formDMZ.cgi