A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta. This issue affects the function soapcgi_main of the file /soap.cgi. This manipulation causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
References
| Link | Resource |
|---|---|
| https://github.com/scanleale/IOT_sec/blob/main/DIR-816L%20stack%20overflow(soap.cgi).pdf | Exploit Third Party Advisory |
| https://vuldb.com/?ctiid.332480 | Permissions Required VDB Entry |
| https://vuldb.com/?id.332480 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.685543 | Third Party Advisory VDB Entry |
| https://www.dlink.com/ | Product |
Configurations
Configuration 1 (hide)
| AND |
|
History
19 Nov 2025, 18:04
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Dlink dir-816l
Dlink Dlink dir-816l Firmware |
|
| CPE | cpe:2.3:h:dlink:dir-816l:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:* |
|
| References | () https://github.com/scanleale/IOT_sec/blob/main/DIR-816L%20stack%20overflow(soap.cgi).pdf - Exploit, Third Party Advisory | |
| References | () https://vuldb.com/?ctiid.332480 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.332480 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.685543 - Third Party Advisory, VDB Entry | |
| References | () https://www.dlink.com/ - Product |
15 Nov 2025, 07:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-11-15 07:15
Updated : 2025-11-19 18:04
NVD link : CVE-2025-13191
Mitre link : CVE-2025-13191
CVE.ORG link : CVE-2025-13191
JSON object : View
Products Affected
dlink
- dir-816l
- dir-816l_firmware