CVE-2025-13190

CVE Database · CVE-2025-13190

CVE-2025-13190

· HIGHAnalyzed

CVSS v3.1

8.8

CVSS v4.0

7.4

EPSS

0.74%

Published

Nov 15, 2025

Modified

Nov 20, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. This vulnerability affects the function scandir_main of the file /portal/__ajax_exporer.sgi. The manipulation of the argument en results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-119CWE-121

Affected Products (2)

dlink · dir-816l_firmwarevulnerable

dlink · dir-816l

References (6)

https://github.com/scanleale/IOT_sec/blob/main/DIR-816L%20stack%20overflow(scandir.sgi).pdf

ExploitThird Party Advisory

https://vuldb.com/?ctiid.332479

Permissions RequiredVDB Entry