Some active D-Link DIR-model routers contain a stack-based buffer overflow vulnerability, which may allow a remote attack to execute arbitrary code.

Referencing: CWE-121 CVE-2016-5681 VU#332115

3rd Party Incident Report:

CERT Record :: Details Here

Initial Report for this vulnerability was Taiwan local security community (TDOH) :: Details Here

Secondary Report for DIR-850L coordinating the same issue:

Daniel.Romero@nccgroup.trust on 6/1/2016 : NCC Group
Street: Calle Serrano Galvache Number: 56 Building: Abedul Floor: 4th, Madrid, 28033

Affected Devices:

• DIR-850L Rev.B1
• DIR-822 Rev.C1
• DIR-823 Rev.A1
• DIR-895L Rev.A1
• DIR-890L Rev.A1
• DIR-885L Rev.A1
• DIR-880L Rev.A1
• DIR-868L Rev.B1
• DIR-868L Rev.C1
• DIR-817L(W) Rev.Ax
• DIR-818L(W) Rev.Ax

Fixed Firmware:

• DIR-850L Rev. B1 Official FW v2.07 (v2.07WWB05)
• DIR-817 Rev. Ax Official FW v1.04 (v104WWB04) updated 01/15/2018
  
• DIR-818LW Rev. Bx Beta FW (v2.05b03beta03)
• DIR-822 Rev. C1 Official FW v3.01 (v3.01WWb02)
• DIR-823 Rev. A1 Official FW v1.00 (v1.00WWb05)
• DIR-895L Rev. A1 Official FW v1.11 (v1.11WWb04)
• DIR-890L Rev  A1 Official FW v1.09 (v1.09b14)
• DIR-885L Rev. A1 Official FW v1.11 (v1.11WWb07)
• DIR-880L Rev. A1 Official FW v1.07 (v1.07WWb08)
• DIR-868L Rev. B1 Official FW v2.03 (v2.03WWb01)
• DIR-868L Rev. C1 Official FW v3.00 (v3.00WWb01)

Thank You,

Security Incident Response Team

security@dlink.com