{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-13188","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-11-14T13:06:30.920Z","datePublished":"2025-11-14T22:32:06.220Z","dateUpdated":"2025-11-17T20:43:05.895Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-11-14T22:32:06.220Z"},"title":"D-Link DIR-816L authentication.cgi authenticationcgi_main stack-based overflow","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-121","lang":"en","description":"Stack-based Buffer Overflow"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-119","lang":"en","description":"Memory Corruption"}]}],"affected":[{"vendor":"D-Link","product":"DIR-816L","versions":[{"version":"2_06_b09_beta","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."},{"lang":"de","value":"Eine Schwachstelle wurde in D-Link DIR-816L 2_06_b09_beta gefunden. Es ist betroffen die Funktion authenticationcgi_main der Datei /authentication.cgi. Durch Manipulation des Arguments Password mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Es ist möglich, den Angriff aus der Ferne durchzuführen. Der Exploit wurde der Öffentlichkeit bekannt gemacht und könnte verwendet werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":9.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","baseSeverity":"CRITICAL"}},{"cvssV3_1":{"version":"3.1","baseScore":9.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R","baseSeverity":"CRITICAL"}},{"cvssV3_0":{"version":"3.0","baseScore":9.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R","baseSeverity":"CRITICAL"}},{"cvssV2_0":{"version":"2.0","baseScore":10,"vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:W/RC:UR"}}],"timeline":[{"time":"2025-11-14T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-11-14T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-11-14T14:11:34.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Lexpl0it (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.332476","name":"VDB-332476 | D-Link DIR-816L authentication.cgi authenticationcgi_main stack-based overflow","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.332476","name":"VDB-332476 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.685538","name":"Submit #685538 | D-Link DIR-816L DIR816L_REVB_FW_2_06_b09_beta Stack-based Buffer Overflow","tags":["third-party-advisory"]},{"url":"https://github.com/scanleale/IOT_sec/blob/main/DIR-816L%20stack%20overflow(authentication.cgi).pdf","tags":["exploit"]},{"url":"https://www.dlink.com/","tags":["product"]}],"tags":["unsupported-when-assigned"]},"adp":[{"references":[{"url":"https://github.com/scanleale/IOT_sec/blob/main/DIR-816L%20stack%20overflow(authentication.cgi).pdf","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-11-17T20:43:02.351222Z","id":"CVE-2025-13188","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-11-17T20:43:05.895Z"}}]}}