D Link Wireless Router DIR 816 prone to remote shell execution

D Link dual band wireless routers of model DIR 816 (full product name: dir-816 750m11ac wireless router) are prone to a remote shell execution vulnerability. The vulnerability was found by a security researcher and reported to D Link on 23rd August, 2021. The affected firmware version is DIR816_A1_FW101CNB04.

What is the CVSS score of the reported vulnerability?

The vulnerability is being tracked under CVE-2021-39510 with a CVSS score of 7.5. The vulnerability is of a critical nature. The NIST website marks this vulnerability as critical with a base score of 9.8. This makes it amply clear that D Link wireless routers of model 816 are prone to exploitation attempts, in which an attacker may plant a shell on the router and take control of the router and the associated network.

What is the vulnerability on the D Link wireless router DIR 816 750m11ac?

As per the initial details shared for the vulnerability:

An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router. The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters.
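
The bug class described above, as an added example in C that is not D Link's firmware code: a user name taken from a request is checked against an allowlist and handed over as an argv element instead of being pasted into a shell command line. The helper names and the deluser program name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative only: helper names and the "deluser" program are assumptions,
 * not taken from the DIR-816 firmware. */

/* Allowlist: 1-32 characters from [A-Za-z0-9_.-], not starting with '-'.
 * Shell metacharacters (; | & $ ` quotes, spaces, newlines) all fail. */
int username_is_safe(const char *name)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.-";
    size_t len;
    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > 32 || name[0] == '-')
        return 0;
    return strspn(name, allowed) == len;
}

/* Weak pattern: the request value is pasted into a line meant for a shell,
 * so the shell interprets any metacharacters in it. This only formats the
 * string (nothing is executed) to show the value arrives unmodified. */
int build_shell_line_unsafe(char *out, size_t cap, const char *name)
{
    return snprintf(out, cap, "deluser %s", name);
}

/* Hardened pattern: validate, then fill an argv vector for an execv()-style
 * launch so no shell ever parses the value. Returns 0, or -1 on rejection. */
int build_argv_safe(const char *argv[3], const char *name)
{
    if (!username_is_safe(name))
        return -1;
    argv[0] = "deluser";
    argv[1] = name;
    argv[2] = NULL;
    return 0;
}

int main(void)
{
    const char *argv[3];
    /* Constructed sample values, not captured traffic. */
    printf("%d %d\n", build_argv_safe(argv, "guest01"),
           build_argv_safe(argv, "guest01;reboot"));
    return 0;
}
```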

What is the fix for the vulnerability on the D Link wireless router DIR 816 750m11ac?

There is currently no fix for the vulnerability on the D Link wireless router. As per the announcement on the D Link website, the DIR 816 model of wireless routers has reached end of life status. No new firmware updates can be provided by the company, as this series of wireless routers is beyond the support date of the product.

Given that the D Link 816 model is end of life, the only remedy for this vulnerability is to buy a new router. For all practical purposes, the DIR 816 model of D Link wireless routers has been rendered unusable by this critical, 9.8-rated remote shell execution vulnerability.

Summary

D Link’s 816 model wireless routers are affected by a critical vulnerability that allows an attacker to take control of the device. The 816 series of D Link wireless routers is end of life. No new firmware updates are expected. Please consider replacing your D Link 816 series wireless routers with a new wireless router to protect your network. The replacement cost is quite low compared with the risk carried by the critical vulnerability.