Week 27 – Retire your D-Link DIR-816 router

30 June – 06 July 2025

Our CVE of the Week post brings you another fresh attack on a network device, but this time it affects owners of a D-Link DIR-816 wireless router, which is used in small home networks.

The router provides dual-band AC WiFi connectivity, 3G support, firewall capabilities, and promises additional security features like VPN access and content blocking.

While most of the time, consumer devices like this are set-and-forget as long as they are working, the recently discovered CVE-2025-5622 shows the importance of paying attention to security even in the smallest environments.

The exploit is a simple buffer overflow in the function “wirelessApcli_5g”, enabling unauthenticated attackers to take control of the device via crafted parameters (apcli_mode_5g, apcli_enc_5g, and apcli_default_key_5g) through the “/goform/wirelessApcli_5g” endpoint. Along with this advisory, several other critical flaws were discovered, tagged as CVE-2025-5623, CVE-2025-5624, and CVE-2025-5630, allowing similar attacks to take place.

Unfortunately, the DIR-816 is in End-of-Life status, meaning a patch will never be released. The only solution is to retire the device and upgrade to a newer model that continues to receive security updates. To future-proof your home network, we recommend looking at manufacturers and devices with a long support timeline and updating them regularly. Or, if you’re feeling a bit more technical, you can even roll your own home router with something like OPNSense or pfSense to ensure you are protected for a long time.

Technical details of the exploit: https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_50/50.md
NIST advisory: https://nvd.nist.gov/vuln/detail/cve-2025-5622#
D-Link product page: https://www.dlink.ru/mn/products/5/2212.html

White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.

With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.

They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.