Critical D-Link Router Flaws Allow Remote Code Execution by Attackers
gbhackers
A series of critical security vulnerabilities has been identified in D-Link DIR-816 routers, exposing users worldwide to the risk of remote code execution and network compromise.
The flaws affect all hardware revisions and firmware versions of the DIR-816 (non-US), which has reached its End of Life (EOL) and End of Service Life (EOS), meaning no further security updates or technical support will be provided.
Details of the Vulnerabilities
Security researcher pjqwudi, in disclosures published on June 4 and 5, 2025, revealed six major vulnerabilities impacting the DIR-816.
These include four stack-based buffer overflows and two OS command injection flaws, all of which are remotely exploitable and do not require authentication.
Table: Summary of D-Link DIR-816 Vulnerabilities
CVE ID | Vulnerability Type | CVSS Score | Severity |
CVE-2025-5622 | Stack-based Buffer Overflow | 9.8 | CRITICAL |
CVE-2025-5623 | Stack-based Buffer Overflow | 9.8 | CRITICAL |
CVE-2025-5624 | Stack-based Buffer Overflow | 9.8 | CRITICAL |
CVE-2025-5630 | Stack-based Buffer Overflow | 9.8 ... |
Copyright of this story solely belongs to gbhackers.