PatchSiren

CVE-2016-10179 Dlink CVE debrief

CVE-2016-10179 describes a hardcoded WPS PIN on the D-Link DWR-932B router. Because the PIN is fixed rather than unique, it undermines the intended security properties of WPS and can expose wireless access controls to unauthorized use. NVD rates the issue High with a network-reachable, no-authentication attack profile.

Vendor: Dlink
Product: CVE-2016-10179
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-30
Original CVE updated: 2026-05-13
Advisory published: 2017-01-30
Advisory updated: 2026-05-13

Who should care

Owners and operators of D-Link DWR-932B routers, especially environments using firmware identified by NVD as 02.02EU revB. Network administrators, MSPs, and security teams managing small-office or edge wireless devices should treat this as a priority inventory and remediation item.

Technical summary

The official records associate this issue with a hardcoded WPS PIN (28296607) on the D-Link DWR-932B. NVD maps the weakness to CWE-798 (Use of Hard-coded Credentials) and lists the affected firmware CPE as cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb:*:*:*:*:*:*. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network exposure with no privileges or user interaction required and a confidentiality impact.

Defensive priority

High. The issue affects a network-facing device and is scored 7.5 High by NVD, with no authentication required in the CVSS vector. Systems exposed to untrusted networks should be prioritized for inventory, configuration review, and replacement or firmware remediation.

Recommended defensive actions

  • Inventory all D-Link DWR-932B devices and confirm whether firmware matches the affected CPE listed by NVD.
  • Check vendor support for a fixed firmware release; apply it if available.
  • If no patched firmware exists, replace or retire the device.
  • Disable WPS where possible, or ensure the feature is not exposed in deployments that do not require it.
  • Rotate Wi‑Fi and administrative credentials after remediation and review wireless access logs for unexpected enrollment activity.
  • Segment or isolate affected routers to reduce exposure while remediation is pending.
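
The first action above, checking inventory against the affected CPE, can be scripted. This is an added example, not PatchSiren, NVD or D-Link code; the inventory schema (host, vendor, model, firmware, hw_rev), the host names and the 02.03EU version are assumptions constructed for illustration.

```python
import re

# CPE string copied from the NVD data quoted on this page.
AFFECTED_CPE = "cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb:*:*:*:*:*:*"
CPE_FIELDS = ("part", "vendor", "product", "version", "update", "edition",
              "language", "sw_edition", "target_sw", "target_hw", "other")

def parse_cpe23(cpe):
    """Split a CPE 2.3 formatted string into its 11 named attributes."""
    parts = re.split(r"(?<!\\):", cpe)  # split on unescaped colons only
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return dict(zip(CPE_FIELDS, (p.lower() for p in parts[2:])))

def device_attrs(dev):
    """Map an inventory record (hypothetical schema) onto CPE attributes."""
    norm = lambda key: (dev.get(key) or "").strip().lower()
    model = norm("model").replace(" ", "-")
    return {"part": "o",
            "vendor": norm("vendor").replace("-", ""),   # "D-Link" -> "dlink"
            "product": model + "_firmware" if model else "",
            "version": norm("firmware"),
            "update": norm("hw_rev")}

def triage(dev, cpe=AFFECTED_CPE):
    """Return 'affected', 'unknown' (inventory data missing) or 'no-match'."""
    wanted, have = parse_cpe23(cpe), device_attrs(dev)
    status = "affected"
    for field, value in wanted.items():
        if value == "*":            # ANY: attribute is not constrained
            continue
        if not have.get(field):     # inventory gap: needs a manual check
            status = "unknown"
        elif have[field] != value:
            return "no-match"
    return status

# Constructed sample inventory (hosts and the 02.03EU version are made up).
INVENTORY = [
    {"host": "branch-01", "vendor": "D-Link", "model": "DWR-932B", "firmware": "02.02EU", "hw_rev": "revB"},
    {"host": "branch-02", "vendor": "D-Link", "model": "DWR-932B", "firmware": "02.03EU", "hw_rev": "revB"},
    {"host": "branch-03", "vendor": "D-Link", "model": "DWR-932B", "firmware": None, "hw_rev": "revB"},
    {"host": "kiosk-07", "vendor": "dlink", "model": "dwr-932b", "firmware": " 02.02eu", "hw_rev": "RevB"},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(f"{dev['host']:<10} {triage(dev)}")
```

Records reported as 'unknown' match the model but lack a firmware or revision value, so they need a manual check rather than being treated as clear.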

Evidence notes

Primary evidence comes from the NVD record and CVE entry for CVE-2016-10179, which identify a hardcoded WPS PIN on the D-Link DWR-932B router. NVD lists the weakness as CWE-798 and provides the CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The affected product scope in NVD is the D-Link DWR-932B firmware 02.02EU revB. The CVE was published on 2017-01-30 and last modified on 2026-05-13; those dates are used only as disclosure/timeline context.

Official resources

Publicly disclosed in the CVE record on 2017-01-30; the NVD entry was last modified on 2026-05-13.