- Description
- A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. It affects the function authenticationcgi_main of the file /authentication.cgi. Manipulating the argument Password results in a stack-based buffer overflow. The attack can be exploited remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
- Source
- cna@vuldb.com
- NVD status
- Analyzed
- CNA Tags
- unsupported-when-assigned
- Products
- dir-816l_firmware
CVSS 4.0
- Type
- Secondary
- Base score
- 8.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Secondary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- cna@vuldb.com
- CWE-119
⚠️ CVE-2025-13188: D-Link DIR-816L stack-based buffer overflow (CVSS 9.8) Authentication.cgi Password parameter vulnerable to remote exploitation. Public exploit available. EOL router = permanent vulnerability window. Consumer IoT devices with public exploits should be repla
@gothburz
17 Nov 2025
CVE-2025-13188: D-Link DIR-816L stack-based buffer overflow (CVSS 9.8). Authentication.cgi Password parameter vulnerable to remote exploitation. Public exploit available. EOL router = permanent vulnerability window. Advisory: https://t.co/6qbAUlBSIs
@gothburz
16 Nov 2025
[CVE-2025-13188: CRITICAL] Vulnerability detected in D-Link DIR-816L 2_06_b09_beta authenticationcgi_main. Exploit allows remote stack-based buffer overflow with Password manipulation. Device no longer suppo...#cve,CVE-2025-13188,#cybersecurity https://t.co/htVcnTkxdD https://t.c
@CveFindCom
15 Nov 2025
**CVE-2025-13188** pertains to a **stack-based buffer overflow** vulnerability identified in the **D-Link DIR-816L 2_06_b09_beta** firmware. It specifically affects the **`authenticationcgi_main`** function within the **`authentication.cgi`** script. An attacker can manipulate
@CveTodo
14 Nov 2025
CVE-2025-13188 A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. … https://t.co/B9jrEQfAAC
@CVEnew
14 Nov 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*",
            "matchCriteriaId": "ABE7E66F-20B2-4A39-A845-03E5FBBD9E2A",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-816l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A17C1E74-E315-4292-AF6B-EEF86B64A63C",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]