PatchSiren cyber security CVE debrief

CVE-2016-10177 Dlink CVE debrief

CVE-2016-10177 is a critical authentication flaw in the D-Link DWR-932B router. NVD says undocumented TELNET and SSH services accept fixed logins for admin/admin and root/1234, which maps to CWE-798 and yields a CVSS 3.1 score of 9.8. Because the services are network-accessible and require no valid credentials, exposed devices should be treated as high-risk.

Vendor: Dlink
Product: CVE-2016-10177
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-30
Original CVE updated: 2026-05-13
Advisory published: 2017-01-30
Advisory updated: 2026-05-13

Who should care

Network and security teams responsible for D-Link DWR-932B routers, especially devices exposed to the internet, used in small offices, or deployed in branch and remote-access setups.

Technical summary

The NVD record describes undocumented TELNET and SSH services on the D-Link DWR-932B that allow login with hardcoded credentials (admin/admin and root/1234). NVD assigns CWE-798 (use of hard-coded credentials) and CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating remote, unauthenticated compromise potential. The supplied NVD metadata marks firmware CPE cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb:*:*:*:*:*:* as vulnerable, while the hardware CPE entry is marked not vulnerable, so exact firmware identification matters.

Defensive priority

Urgent. This is a remote, unauthenticated access issue with full confidentiality, integrity, and availability impact. If affected devices are reachable from untrusted networks, prioritize inventory, isolation, and firmware validation immediately.

Recommended defensive actions

Inventory all D-Link DWR-932B devices and confirm exact firmware/build against the vulnerable CPE listed by NVD.
Remove or block external access to TELNET and SSH on affected units using network controls and segmentation.
Apply vendor-provided firmware or remediation guidance if available for the specific device/firmware combination.
If you cannot confirm a fixed version, treat the device as untrusted and plan replacement or retirement.
Check for unauthorized configuration changes or unexpected accounts on exposed devices and rebuild from a known-good baseline when feasible.

Evidence notes

The debrief is based on the official NVD CVE record and its referenced third-party technical advisory. NVD states the issue involves undocumented TELNET and SSH services with default credentials admin/admin and root/1234, and assigns CWE-798 with CVSS 9.8. The record was published on 2017-01-30 and later modified on 2026-05-13; those dates are record timeline markers, not the original vulnerability discovery date. The supplied metadata also includes CPE criteria showing a vulnerable firmware entry for DWR-932B firmware 02.02eu revb and a non-vulnerable hardware CPE entry, which should be reconciled during asset validation.

Official resources

CVE-2016-10177 CVE record
CVE.org
CVE-2016-10177 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Mitigation or vendor reference
[email protected] - Exploit, Technical Description, Third Party Advisory

Publicly disclosed in the CVE/NVD record on 2017-01-30. The supplied NVD entry was modified later on 2026-05-13, but that is a record update date rather than the original issue date.