Remote Code Execution Vulnerability in D-Link DIR-816 Router
CVE-2025-45931

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: DIR-816 Router
Vendor: CVE Published:; 30 June 2025

What is CVE-2025-45931?

A vulnerability in the D-Link DIR-816 router allows a remote attacker to execute arbitrary code through the 'system()' function found in the binary 'goahead'. By exploiting this flaw, attackers can gain unauthorized control over the device, potentially leading to further security breaches within the network.

References

http://d-link.com

https://www.dlink.com/en/security-bulletin/

http://dir-816-a2.com

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2025
Vulnerability Reserved
Apr 22, 2025