PT-2025-46900 · D Link · D-Link Dir-816 A2

Published 2025-11-13 · Updated 2025-11-14 · CVE-2025-60679

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

D-Link DIR-816A2 router firmware versions prior to DIR-816A2 FWv1.10CNB05 R1B011D88210

Description

A stack buffer overflow condition exists in the D-Link DIR-816A2 router firmware. The issue is located in the upload.cgi module, which processes firmware version information. The vulnerability arises from reading the contents of /proc/version into a 512-byte buffer and then concatenating it with a 29-byte constant into another 512-byte buffer using the sprintf() function. Input exceeding 481 bytes in length causes a stack buffer overflow. An attacker controlling the content of /proc/version could potentially execute arbitrary code on the device.

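Added example (not D-Link's code and not part of the original advisory): the bounded form of the concatenation described above, in C, using snprintf() with an explicit truncation check instead of sprintf(). The prefix string is a constructed 29-byte placeholder because the advisory does not give the real constant, and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SZ 512
/* Constructed 29-byte placeholder; the real constant is not in the advisory. */
#define PREFIX "FIRMWARE_VERSION_PLACEHOLDER:"
_Static_assert(sizeof(PREFIX) - 1 == 29, "placeholder must be 29 bytes");

/* Bytes (including the NUL) that sprintf(dst, "%s%s", PREFIX, src) would
 * write. An unbounded sprintf() never compares this to the size of dst. */
size_t unbounded_write_size(const char *src)
{
    return (sizeof(PREFIX) - 1) + strlen(src) + 1;
}

/* Bounded concatenation: returns 0 on success, -1 if the result would not
 * fit in dst. On failure dst is left as an empty string, not a truncated one. */
int build_version_line(char *dst, size_t dst_sz, const char *src)
{
    int n = snprintf(dst, dst_sz, "%s%s", PREFIX, src);
    if (n < 0 || (size_t)n >= dst_sz) {
        if (dst_sz > 0)
            dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Builds a constructed input of `len` bytes (as if read from /proc/version
 * into a 512-byte buffer) and runs it through the bounded concatenation. */
int check_input_len(size_t len)
{
    char src[BUF_SZ];
    char dst[BUF_SZ];
    if (len >= sizeof(src))
        return -1;
    memset(src, 'A', len);
    src[len] = '\0';
    return build_version_line(dst, sizeof(dst), src);
}

int main(void)
{
    printf("len 20: %d, len 511: %d\n", check_input_len(20), check_input_len(511));
    return 0;
}
```

The point of the check is that a full 512-byte read buffer plus any fixed prefix cannot fit in a destination of the same size, so the caller has to handle the failure path rather than rely on the input being short.
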
Recommendations

Update the firmware to version DIR-816A2 FWv1.10CNB05 R1B011D88210 or a later version.

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-14838
CVE-2025-60679

Affected Products

D-Link Dir-816 A2