AI description
CVE-2025-13188 is a vulnerability found in D-Link DIR-816L version 2_06_b09_beta. It involves a stack-based buffer overflow in the `authenticationcgi_main` function of the `/authentication.cgi` file. By manipulating the `Password` argument, a remote attacker can trigger this overflow. This vulnerability could allow an attacker to remotely compromise the router's system, execute arbitrary code without authentication, and gain full control over the device, potentially compromising the confidentiality, integrity, and availability of the router's systems. The affected products are no longer supported by the maintainer, and a public exploit is available.
- Description: A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
- Source: cna@vuldb.com
- NVD status: Received
- CNA Tags: unsupported-when-assigned
CVSS 4.0
- Type: Secondary
- Base score: 8.9
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
CVSS 2.0
- Type: Secondary
- Base score: 10
- Impact score: 10
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C
- cna@vuldb.com
- CWE-119
- Hype score: Not currently trending
CVE-2025-13188: D-Link DIR-816L stack-based buffer overflow (CVSS 9.8). Authentication.cgi Password parameter vulnerable to remote exploitation. Public exploit available. EOL router = permanent vulnerability window. Advisory: https://t.co/6qbAUlBSIs
@gothburz
16 Nov 2025
[CVE-2025-13188: CRITICAL] Vulnerability detected in D-Link DIR-816L 2_06_b09_beta authenticationcgi_main. Exploit allows remote stack-based buffer overflow with Password manipulation. Device no longer suppo...#cve,CVE-2025-13188,#cybersecurity https://t.co/htVcnTkxdD https://t.c
@CveFindCom
15 Nov 2025
**CVE-2025-13188** pertains to a **stack-based buffer overflow** vulnerability identified in the **D-Link DIR-816L 2_06_b09_beta** firmware. It specifically affects the **`authenticationcgi_main`** function within the **`authentication.cgi`** script. An attacker can manipulate
@CveTodo
14 Nov 2025
CVE-2025-13188 A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. … https://t.co/B9jrEQfAAC
@CVEnew
14 Nov 2025