PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-10181 Dlink CVE debrief

CVE-2016-10181 is an information disclosure issue in the D-Link DWR-932B router: requests to qmiweb with CfgType=get_homeCfg can expose sensitive information. NVD rates the issue HIGH (CVSS 7.5) because it is network-reachable, requires no authentication or user interaction, and can disclose high-confidentiality data.

Vendor: Dlink
Product: CVE-2016-10181
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-30
Original CVE updated: 2026-05-13
Advisory published: 2017-01-30
Advisory updated: 2026-05-13

Who should care

Administrators and owners of D-Link DWR-932B routers, especially systems matching the affected firmware CPE, and security teams responsible for exposed consumer or small-office LTE routers.

Technical summary

NVD maps the affected software to cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb. The issue is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The CVE description states that qmiweb provides sensitive information for CfgType=get_homeCfg requests. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating a remotely reachable disclosure with no integrity or availability impact documented.

Defensive priority

High. This is a network-exposed information disclosure flaw with no authentication requirement and high confidentiality impact. Prioritize it for any Internet-facing or broadly accessible D-Link DWR-932B deployment.

Recommended defensive actions

  • Identify D-Link DWR-932B devices in inventory and verify whether the affected firmware version is deployed.
  • Restrict or remove network exposure of management interfaces and related services where possible.
  • Apply vendor-provided firmware updates or mitigations if available; if no fix is available, isolate or replace affected devices.
  • Review logs and access controls for unexpected requests related to qmiweb or CfgType=get_homeCfg.
  • Treat any data exposed through the affected request path as sensitive and rotate credentials or secrets if exposure is suspected.
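
One way to carry out the log review step above, as an added example that is not part of the original debrief or any vendor tooling: it scans access-log lines from a gateway or proxy in front of the router for the qmiweb and CfgType=get_homeCfg tokens named in the CVE description. The combined-log-style format, the sample lines, and the /example/ path prefix are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines in an assumed combined-log-style format; the
# "/example/" path prefix is a placeholder, not the device's real path.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Feb/2017:10:02:11 +0000] "GET /example/qmiweb?CfgType=get_homeCfg HTTP/1.1" 200 812
192.0.2.10 - - [01/Feb/2017:10:02:40 +0000] "GET /index.html HTTP/1.1" 200 1043
198.51.100.7 - - [01/Feb/2017:10:03:05 +0000] "GET /example/qmiweb?cfgtype%3Dget_homeCfg HTTP/1.1" 200 812
203.0.113.5 - - [01/Feb/2017:10:04:19 +0000] "POST /example/qmiweb HTTP/1.1" 200 64
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)

def classify(request):
    """Return 'match', 'review' or None for one logged request line."""
    # Decode twice so single or double percent-encoding cannot hide the tokens,
    # and lowercase so case variations still match.
    decoded = unquote(unquote(request)).lower()
    if "qmiweb" not in decoded:
        return None
    if "cfgtype=get_homecfg" in decoded:
        return "match"
    # qmiweb was requested but the parameter is not visible in the request
    # line (for example, sent in a body the access log does not record).
    return "review"

def scan(log_text):
    """Group findings by source address: {src: [(timestamp, verdict, status)]}."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        verdict = classify(m["req"])
        if verdict:
            findings[m["src"]].append((m["ts"], verdict, m["status"]))
    return dict(findings)

if __name__ == "__main__":
    for src, hits in scan(SAMPLE_LOG).items():
        for ts, verdict, status in hits:
            print(f"{src} {ts} {verdict} status={status}")
```

A "match" with a 200 status from an address outside the management network is the case to treat as suspected exposure under the last action above; "review" entries need the request body or device-side logs to confirm.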

Evidence notes

The supplied corpus includes the CVE record, NVD detail data, and a third-party technical advisory reference. NVD lists the vulnerability as modified on 2026-05-13, while the CVE itself was published on 2017-01-30; the modified date applies to the record, not the original vulnerability disclosure. No KEV listing is present in the supplied data.

Official resources

Publicly disclosed in the CVE record on 2017-01-30. The NVD record was later modified on 2026-05-13. No KEV entry is included in the supplied data.