ID

VAR-202511-0293


CVE

CVE-2025-13191


TITLE

Buffer error vulnerability in D-Link Corporation DIR-816L firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-019674

DESCRIPTION

A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation causes a stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. The D-Link Corporation DIR-816L firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). The DIR-816L is a wireless router product manufactured by D-Link. This vulnerability stems from the fact that the soapcgi_main function in the /soap.cgi file does not perform effective boundary checks on input data. An attacker could exploit this vulnerability to trigger a stack overflow by remotely sending specially crafted data, thereby executing arbitrary code or causing service crashes.

Trust: 2.16

sources: NVD: CVE-2025-13191 // JVNDB: JVNDB-2025-019674 // CNVD: CNVD-2025-28795

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-28795

AFFECTED PRODUCTS

vendor: dlink, model: dir-816l, scope: eq, version: 2.06.b09

Trust: 1.0

vendor: d link, model: dir-816l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-816l, scope: eq, version: -

Trust: 0.8

vendor: d link, model: dir-816l, scope: eq, version: dir-816l firmware 2.06.b09

Trust: 0.8

vendor: d link, model: dir-816l 2 06 b09 beta, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-28795 // JVNDB: JVNDB-2025-019674 // NVD: CVE-2025-13191

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-13191
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-13191
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-019674
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-28795
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-13191
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-019674
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-28795
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-13191
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-13191
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-019674
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-28795 // JVNDB: JVNDB-2025-019674 // NVD: CVE-2025-13191 // NVD: CVE-2025-13191

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-019674 // NVD: CVE-2025-13191

EXTERNAL IDS

db: NVD, id: CVE-2025-13191

Trust: 3.2

db: VULDB, id: 332480

Trust: 1.8

db: JVNDB, id: JVNDB-2025-019674

Trust: 0.8

db: CNVD, id: CNVD-2025-28795

Trust: 0.6

sources: CNVD: CNVD-2025-28795 // JVNDB: JVNDB-2025-019674 // NVD: CVE-2025-13191

REFERENCES

url:https://github.com/scanleale/iot_sec/blob/main/dir-816l%20stack%20overflow(soap.cgi).pdf

Trust: 1.8

url:https://vuldb.com/?id.332480

Trust: 1.8

url:https://vuldb.com/?submit.685543

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-13191

Trust: 1.4

url:https://vuldb.com/?ctiid.332480

Trust: 1.0

sources: CNVD: CNVD-2025-28795 // JVNDB: JVNDB-2025-019674 // NVD: CVE-2025-13191

SOURCES

db: CNVD, id: CNVD-2025-28795
db: JVNDB, id: JVNDB-2025-019674
db: NVD, id: CVE-2025-13191

LAST UPDATE DATE

2025-11-23T23:57:22.624000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-28795, date: 2025-11-19T00:00:00
db: JVNDB, id: JVNDB-2025-019674, date: 2025-11-21T09:08:00
db: NVD, id: CVE-2025-13191, date: 2025-11-19T18:04:24.997

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-28795, date: 2025-11-19T00:00:00
db: JVNDB, id: JVNDB-2025-019674, date: 2025-11-21T00:00:00
db: NVD, id: CVE-2025-13191, date: 2025-11-15T07:15:46.627