D-Link Routers Let Hackers Seize Control via Web Flaws
Multiple critical flaws in D-Link routers let hackers remotely execute arbitrary code and compromise vulnerable networks, according to a new security disclosure. The six vulnerabilities affect all hardware and firmware versions of the DIR-816 model, which has reached End-of-Life status and will not receive patches.
Four of the flaws involve stack-based buffer overflows, each rated CVSS 9.8, the highest severity score. Attackers can exploit functions like wirelessApcli_5g and qosClassifier to trigger memory corruption and gain elevated access. Another critical bug targets the form2lansetup.cgi file via manipulated IP parameters.
In addition, two high-severity command injection vulnerabilities, CVE-2025-5620 and CVE-2025-5621, allow attackers to run unauthorized system commands. Combined with the lack of vendor support, these flaws let attackers take full control of affected devices.
D-Link urges users to retire the DIR-816 immediately and adopt supported alternatives. Read the full breakdown in "Multiple Critical Vulnerabilities in D-Link Routers Let Attackers Execute Arbitrary Code Remotely".
