CVE-2025-13191

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Link DIR-816L version 2 06 b09 beta

Description A stack-based buffer overflow exists in the soapcgi main function of the /soap.cgi file. This issue allows for remote exploitation. The exploit has been publicly disclosed. The affected product is no longer supported by the maintainer. The vulnerability stems from improper handling of input data within the soapcgi main function, potentially allowing an attacker to execute arbitrary code remotely.

Recommendations Replace or isolate affected devices.

Exploit

Fix

Stack Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-119

Related Identifiers

BDU:2025-14836

CVE-2025-13191

Affected Products

Dir-816

CVE-2025-13191

Weakness Enumeration

Related Identifiers

Affected Products

References · 16