Home

Description

EN DE

A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. This vulnerability affects the function scandir_main of the file /portal/__ajax_exporer.sgi. The manipulation of the argument en results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

In D-Link DIR-816L 2_06_b09_beta ist eine Schwachstelle entdeckt worden. Das betrifft die Funktion scandir_main der Datei /portal/__ajax_exporer.sgi. Durch das Manipulieren des Arguments en mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Die Ausnutzung wurde veröffentlicht und kann verwendet werden.

PUBLISHED Reserved 2025-11-14 | Published 2025-11-15 | Updated 2025-11-17 | Assigner VulDB




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
HIGH: 8.8CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
9.0AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR

Problem types

Stack-based Buffer Overflow

Memory Corruption

Product status

2_06_b09_beta
affected

Timeline

2025-11-14:Advisory disclosed
2025-11-14:VulDB entry created
2025-11-14:VulDB entry last update

Credits

Lexpl0it (VulDB User) reporter

References

github.com/.../main/DIR-816L stack overflow(scandir.sgi).pdf exploit

vuldb.com/?id.332479 (VDB-332479 | D-Link DIR-816L __ajax_exporer.sgi scandir_main stack-based overflow) vdb-entry technical-description

vuldb.com/?ctiid.332479 (VDB-332479 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.685541 (Submit #685541 | D-Link DIR-816L DIR816L_REVB_FW_2_06_b09_beta Stack-based Buffer Overflow) third-party-advisory

github.com/.../main/DIR-816L stack overflow(scandir.sgi).pdf exploit

www.dlink.com/ product

cve.org (CVE-2025-13190)

nvd.nist.gov (CVE-2025-13190)

Download JSON