CVE 8.7 HIGH

D-Link DIR-816L soap.cgi soapcgi_main stack-based overflow_CVE-2025-13191

November 15, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta. This issue affects the function soapcgi_main of the file /soap.cgi. This manipulation causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

AI Analysis

Stack-based buffer overflow vulnerability in the soapcgi_main function of the /soap.cgi file in D-Link DIR-816L 2_06_b09_beta, allowing remote attackers to initiate an attack.

Basic Information

ID CVE-2025-13191

Source VulDB

Published Nov 15, 2025 at 07:02

Affected Product

Vendor D-Link

Product DIR-816L

Version 2_06_b09_beta

Affected Versions D-Link DIR-816L 2_06_b09_beta

CWE Classification

CWE-121 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor D-Link

Product DIR-816L

Version 2_06_b09_beta

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta. This issue affects the function soapcgi_main of the file /soap.cgi. This manipulation causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.",
    "published": "2025-11-15T07:02:06.314Z",
    "modified": "2025-11-15T07:02:06.314Z",
    "type": "cve",
    "title": "D-Link DIR-816L soap.cgi soapcgi_main stack-based overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.332480\nhttps://vuldb.com/?ctiid.332480\nhttps://vuldb.com/?submit.685543\nhttps://github.com/scanlealeale/IOT_sec/blob/main/DIR-816L%20stack%20overflow(soap.cgi).pdf\nhttps://www.dlink.com/",
    "id": "CVE-2025-13191",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "D-Link DIR-816L 2_06_b09_beta",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DIR-816L",
    "version": "2_06_b09_beta",
    "vendor": "D-Link",
    "ai_description": "Stack-based buffer overflow vulnerability in the soapcgi_main function of the /soap.cgi file in D-Link DIR-816L 2_06_b09_beta, allowing remote attackers to initiate an attack.",
    "ai_severity": "High",
    "ai_vendor": "D-Link",
    "ai_product": "DIR-816L",
    "ai_version": "2_06_b09_beta",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply