CVE-2016-5681

Name: CVE-2016-5681
Creator: NVD / NIST
Published: 2016-08-25T21:59:04.15+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 11.93%

Last modified Jun 17, 2026

CVE-2016-5681 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie.. EPSS estimates a 11.93% chance of exploitation in the next 30 days.

Description

Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

11.93%

95.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Dlink	Dir-868l Firmware	<= 2.03
Dlink	Dir-822 Firmware	3.01
D-Link	Dir-880l Firmware	<= 1.07
D-Link	Dir-850l Firmare	<= 2.07
D-Link	Dir-895l Firmware	<= 1.11
D-Link	Dir-817l\(W\) Firmware	<= jul.2016
D-Link	Dir-818l\(W\) Firmware	<= 2.05
D-Link	Dir-890l Firmware	<= 1.09
D-Link	Dir-823 Firmware	<= 1.00
D-Link	Dir-885l Firmware	<= 1.11
Dlink	Dir-868l Firmware	<= 3.00

References

http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063Vendor Advisory
http://www.kb.cert.org/vuls/id/332115Third Party Advisory, US Government Resource
http://www.securityfocus.com/bid/92427Third Party Advisory, VDB Entry
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063Vendor Advisory
http://www.kb.cert.org/vuls/id/332115Third Party Advisory, US Government Resource
http://www.securityfocus.com/bid/92427Third Party Advisory, VDB Entry

Timeline

Published: Aug 25, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-5681?

How severe is CVE-2016-5681?

CVE-2016-5681 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 11.93% probability of exploitation in the next 30 days.

How do I fix CVE-2016-5681?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-5681?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST