CVE 9.3 CRITICAL

D-Link DIR-816L authentication.cgi authenticationcgi_main stack-based overflow_CVE-2025-13188

November 15, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

AI Analysis

Stack-based buffer overflow in D-Link DIR-816L authentication.cgi

Basic Information

ID CVE-2025-13188

Source VulDB

Published Nov 14, 2025 at 22:32

Affected Product

Vendor D-Link

Product DIR-816L

Version 2_06_b09_beta

Affected Versions D-Link DIR-816L 2_06_b09_beta

CWE Classification

CWE-121 CWE-119

AI Assessment

AI Score 9.3 / 10

AI Severity CRITICAL

Vendor D-Link

Product DIR-816L

Version 2_06_b09_beta

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.",
    "published": "2025-11-14T22:32:06.220Z",
    "modified": "2025-11-14T22:32:06.220Z",
    "type": "cve",
    "title": "D-Link DIR-816L authentication.cgi authenticationcgi_main stack-based overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.332476\nhttps://vuldb.com/?ctiid.332476\nhttps://vuldb.com/?submit.685538\nhttps://github.com/scanlealeale/IOT_sec/blob/main/DIR-816L%20stack%20overflow(authentication.cgi).pdf\nhttps://www.dlink.com/",
    "id": "CVE-2025-13188",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "D-Link DIR-816L 2_06_b09_beta",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DIR-816L",
    "version": "2_06_b09_beta",
    "vendor": "D-Link",
    "ai_description": "Stack-based buffer overflow in D-Link DIR-816L authentication.cgi",
    "ai_severity": "CRITICAL",
    "ai_vendor": "D-Link",
    "ai_product": "DIR-816L",
    "ai_version": "2_06_b09_beta",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply