PatchSiren cyber security CVE debrief
CVE-2016-10183 Dlink CVE debrief
CVE-2016-10183 affects the D-Link DWR-932B router firmware and is described as a qmiweb directory listing flaw involving ../ traversal. NVD rates it HIGH with a CVSS v3.1 score of 7.5, driven by network reachability, no required privileges, no user interaction, and high confidentiality impact. The primary defensive concern is unauthorized disclosure of files or directory contents exposed by the web component.
- Vendor
- Dlink
- Product
- CVE-2016-10183
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-01-30
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-01-30
- Advisory updated
- 2026-05-13
Who should care
Administrators and owners of D-Link DWR-932B devices, especially any deployment exposing router management services to untrusted networks. Security teams responsible for small-office or edge-router inventories should also prioritize it because the issue is remotely reachable and can expose sensitive information without authentication.
Technical summary
The NVD record maps this issue to CWE-22 (path traversal). The affected CPE entry identifies D-Link DWR-932B firmware 02.02eu revb as vulnerable. Based on the published description and linked technical advisory, the qmiweb component permits directory listing with ../ traversal, which aligns with a remote information-disclosure condition rather than an integrity or availability impact. The CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N supports a no-auth, network-reachable disclosure weakness.
Defensive priority
High
Recommended defensive actions
- Identify whether any D-Link DWR-932B devices are deployed and confirm the firmware version in use.
- Remove or restrict exposure of router management interfaces to trusted administrative networks only.
- Place affected devices behind access controls such as VPN or management VLANs rather than exposing them directly to the internet.
- Monitor for unexpected access to the qmiweb/web management interface and review logs for suspicious directory traversal attempts.
- Apply any vendor-provided firmware update if available; if the device is unsupported, plan replacement or isolation.
Evidence notes
Evidence is drawn from the official NVD CVE record and its linked references. NVD describes the issue as qmiweb allowing directory listing with ../ traversal on the D-Link DWR-932B router, assigns CWE-22, and lists affected firmware CPE 02.02eu revb. The CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating remote unauthenticated confidentiality impact. The linked third-party technical advisory and SecurityFocus BID 95877 are present in the record as supporting references.
Official resources
-
CVE-2016-10183 CVE record
CVE.org
-
CVE-2016-10183 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
-
Mitigation or vendor reference
[email protected] - Exploit, Technical Description, Third Party Advisory
Publicly disclosed in the CVE record on 2017-01-30. The NVD references also point to a technical write-up dated 2016-09-28.