PatchSiren

CVE-2016-10186 Dlink CVE debrief

CVE-2016-10186 affects the D-Link DWR-932B router firmware identified in NVD as cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb. The NVD description says /var/miniupnpd.conf has no deny rules, indicating a configuration weakness in the router’s miniupnpd setup. NVD rates the issue HIGH (CVSS 7.5) with network attack vector, no privileges, and no user interaction, and the supplied CVSS vector shows integrity impact as the primary concern.

Vendor: Dlink
Product: CVE-2016-10186
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-30
Original CVE updated: 2026-05-13
Advisory published: 2017-01-30
Advisory updated: 2026-05-13

Who should care

Administrators and owners of D-Link DWR-932B devices, especially fleets running the affected firmware, should care. Security teams responsible for small-office routers, mobile hotspots, and embedded network appliances should also review exposure to miniupnpd/UPnP-related configuration issues.

Technical summary

The supplied NVD record ties this CVE to a missing-deny-rule configuration problem in /var/miniupnpd.conf on the D-Link DWR-932B. The vulnerability is network reachable (AV:N) and requires neither authentication (PR:N) nor user interaction (UI:N). NVD maps it to CWE-399 and a CVSS 3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, meaning the documented impact is on integrity rather than on confidentiality or availability.

Defensive priority

High. The flaw is remotely reachable and unauthenticated according to NVD, so affected devices should be prioritized for inventory, configuration review, and isolation if remediation is not available.

Recommended defensive actions

  • Identify D-Link DWR-932B devices and confirm whether firmware 02.02eu:revb or another affected build is in use.
  • Apply vendor-recommended firmware updates or mitigations if available through official D-Link support channels.
  • Disable UPnP/miniupnpd if the service is not required for business use.
  • Restrict router administration and management access to trusted networks only.
  • Segment affected devices from sensitive internal systems until they are verified as remediated.
  • If the device is unsupported or cannot be updated, plan for replacement or isolation.
  • Monitor for unexpected changes to router configuration files and UPnP-related behavior.
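
For the configuration review step, a minimal audit of a miniupnpd.conf copy for the condition NVD describes (no deny rules). This is an added example, not code from NVD, D-Link or the cited advisory. It assumes upstream miniupnpd's permission-rule syntax and its first-match evaluation with accept as the default when no rule matches; the function names and both sample configurations are constructed for illustration.

```python
import ipaddress
import re

# Rule syntax assumed from upstream miniupnpd's sample config:
#   (allow|deny) <ext port or range> <ip>[/<mask>] <int port or range>
RULE_RE = re.compile(
    r"^(allow|deny)\s+(\d+)(?:-(\d+))?\s+(\S+)\s+(\d+)(?:-(\d+))?$")
CATCH_ALL = ("deny", (0, 65535), ipaddress.ip_network("0.0.0.0/0"), (0, 65535))

def parse_rules(conf_text):
    """Return permission rules in file order; option lines are skipped."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        m = RULE_RE.match(line)
        if not m:
            continue                          # key=value options, blanks
        action, e_lo, e_hi, net, i_lo, i_hi = m.groups()
        rules.append((action,
                      (int(e_lo), int(e_hi or e_lo)),
                      ipaddress.ip_network(net, strict=False),
                      (int(i_lo), int(i_hi or i_lo))))
    return rules

def audit(conf_text):
    """Return a list of finding strings; an empty list means no finding."""
    rules = parse_rules(conf_text)
    findings = []
    if not any(r[0] == "deny" for r in rules):
        findings.append("no-deny-rules")      # the condition in the NVD text
    # Assumed default-accept: anything no rule matches is allowed, so the
    # last rule should deny everything not explicitly allowed above it.
    if not rules or rules[-1] != CATCH_ALL:
        findings.append("no-final-catch-all-deny")
    for action, ext, _net, _int in rules:
        if action == "allow" and ext[0] < 1024:
            findings.append(f"allow-privileged-ext-ports:{ext[0]}-{ext[1]}")
    return findings

# Constructed samples: options only (no rules) versus a restricted rule set.
WEAK_CONF = "ext_ifname=wan0\nlistening_ip=192.168.1.1\nenable_upnp=yes\n"
HARDENED_CONF = ("enable_upnp=yes\n"
                 "allow 1024-65535 192.168.1.0/24 1024-65535\n"
                 "deny 0-65535 0.0.0.0/0 0-65535\n")

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "ok")
```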

Evidence notes

All substantive details in this debrief come from the supplied NVD record and its cited references. The NVD description states that /var/miniupnpd.conf has no deny rules; the CPE data identifies D-Link DWR-932B firmware 02.02eu:revb as affected; and the CVSS vector shows network reachability with integrity impact. The supplied corpus also cites a SecurityFocus BID entry and a third-party technical advisory by Pierre Kim, but no additional remediation specifics are present in the corpus provided here.

Official resources

CVE published: 2017-01-30T04:59:00.533Z. NVD record last modified: 2026-05-13T00:24:29.033Z. The supplied corpus does not include a vendor disclosure or patch timeline.