Sign-up

ID

VAR-202511-0262


CVE

CVE-2025-13189


TITLE

D-Link DIR-816L buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-28797

DESCRIPTION

A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects the function genacgi_main of the file gena.cgi. The manipulation of the argument SERVER_ID/HTTP_SID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. The DIR-816L is a wireless router device from D-Link. An attacker could exploit this vulnerability to remotely manipulate the parameters, triggering a stack overflow that could then execute arbitrary code or cause service crashes

Trust: 1.44

sources: NVD: CVE-2025-13189 // CNVD: CNVD-2025-28797

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-28797

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-816lscope:eqversion:2.06.b09

Trust: 1.0

vendor:d linkmodel:dir-816l 2 06 b09 betascope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-28797 // NVD: CVE-2025-13189

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-13189
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-13189
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2025-28797
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-13189
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-28797
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-13189
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-13189
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-28797 // NVD: CVE-2025-13189 // NVD: CVE-2025-13189

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

sources: NVD: CVE-2025-13189

EXTERNAL IDS

db:NVDid:CVE-2025-13189

Trust: 1.6

db:VULDBid:332478

Trust: 1.6

db:CNVDid:CNVD-2025-28797

Trust: 0.6

sources: CNVD: CNVD-2025-28797 // NVD: CVE-2025-13189

REFERENCES

url:https://vuldb.com/?id.332478

Trust: 1.6

url:https://vuldb.com/?ctiid.332478

Trust: 1.6

url:https://vuldb.com/?submit.685540

Trust: 1.6

url:https://www.dlink.com/

Trust: 1.6

url:https://github.com/scanleale/iot_sec/blob/main/dir-816l%20stack%20overflow(gena.cgi).pdf

Trust: 1.0

url:https://github.com/scanleale/iot_sec/blob/main/dir-816l%20stack%20overflow

Trust: 0.6

sources: CNVD: CNVD-2025-28797 // NVD: CVE-2025-13189

SOURCES

db:CNVDid:CNVD-2025-28797
db:NVDid:CVE-2025-13189

LAST UPDATE DATE

2025-11-20T23:13:32.824000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-28797date:2025-11-19T00:00:00
db:NVDid:CVE-2025-13189date:2025-11-20T14:30:40.157

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-28797date:2025-11-19T00:00:00
db:NVDid:CVE-2025-13189date:2025-11-15T06:15:43.553