CVE-2025-13188
moderate-risk
Published 2025-11-14
A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Do I need to act?
-
0.33% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (6)
Permissions Required
https://vuldb.com/?ctiid.332476
Third Party Advisory
https://vuldb.com/?id.332476
Third Party Advisory
https://vuldb.com/?submit.685538
Product
https://www.dlink.com/
38
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal