Sign-up

ID

VAR-202511-0322


CVE

CVE-2025-13190


TITLE

D-Link DIR-816L buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-28796

DESCRIPTION

A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. This vulnerability affects the function scandir_main of the file /portal/__ajax_exporer.sgi. The manipulation of the argument en results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. The DIR-816L is a wireless router product manufactured by D-Link. Version 2_06_b09_beta of the D-Link DIR-816L contains a stack buffer overflow vulnerability. This vulnerability stems from a failure to properly validate the input length when manipulating the `en` parameter of the `scandir_main` function in the `/portal/__ajax_exporer.sgi` file. An attacker could exploit this vulnerability to trigger a stack overflow by remotely sending specially crafted data, thereby executing arbitrary code or causing service interruption

Trust: 1.44

sources: NVD: CVE-2025-13190 // CNVD: CNVD-2025-28796

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-28796

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-816lscope:eqversion:2.06.b09

Trust: 1.0

vendor:d linkmodel:dir-816l 2 06 b09 betascope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-28796 // NVD: CVE-2025-13190

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-13190
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-28796
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-13190
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-28796
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-13190
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-28796 // NVD: CVE-2025-13190

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

sources: NVD: CVE-2025-13190

EXTERNAL IDS

db:NVDid:CVE-2025-13190

Trust: 1.6

db:VULDBid:332479

Trust: 1.6

db:CNVDid:CNVD-2025-28796

Trust: 0.6

sources: CNVD: CNVD-2025-28796 // NVD: CVE-2025-13190

REFERENCES

url:https://vuldb.com/?id.332479

Trust: 1.6

url:https://vuldb.com/?ctiid.332479

Trust: 1.6

url:https://vuldb.com/?submit.685541

Trust: 1.6

url:https://www.dlink.com/

Trust: 1.6

url:https://github.com/scanleale/iot_sec/blob/main/dir-816l%20stack%20overflow(scandir.sgi).pdf

Trust: 1.0

url:https://github.com/scanleale/iot_sec/blob/main/dir-816l%20stack%20overflow

Trust: 0.6

sources: CNVD: CNVD-2025-28796 // NVD: CVE-2025-13190

SOURCES

db:CNVDid:CNVD-2025-28796
db:NVDid:CVE-2025-13190

LAST UPDATE DATE

2025-11-20T23:34:31.931000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-28796date:2025-11-19T00:00:00
db:NVDid:CVE-2025-13190date:2025-11-20T14:19:15.530

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-28796date:2025-11-19T00:00:00
db:NVDid:CVE-2025-13190date:2025-11-15T07:15:46.157