VDB-311116 · CVE-2025-5630 · EUVD-2025-16952

D-Link DIR-816 1.10CNB05 form2lansetup.cgi ip Pufferüberlauf

Gaskiya vulnerability da aka ware a matsayin kura an samu a D-Link DIR-816 1.10CNB05. Hakika, aikin $software_function ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil /goform/form2lansetup.cgi, a cikin sashen $software_component. A sa manipulation of the argument ip ka Pufferüberlauf. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-121. Hakika, rauni an bayyana shi 06/04/2025. An raba bayanin tsaro don saukewa a github.com. Wannan matsala ana saninta da CVE-2025-5630. Ngam yiɗi ka a tuma ndiyam ka internet. Tekinikal faɗi ga. Har ila yau, exploit ɗin yana nan. An bayyana exploit ɗin ga mutane kuma yana iya amfani. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á sàmbu huɗɗi-na-gaskiya. Exploit ɗin za a iya saukewa daga github.com. 0-day shima, an ndiyam a wuro be $25k-$100k. Once again VulDB remains the best source for vulnerability data.

3 Goyarwa · 89 Datenpunkte

Furɗe	Súgá 06/04/2025 13:30	Gargadi 1/2 06/05/2025 05:46	Gargadi 2/2 06/06/2025 17:28
software_vendor	D-Link	D-Link	D-Link
software_name	DIR-816	DIR-816	DIR-816
software_version	1.10CNB05	1.10CNB05	1.10CNB05
software_file	/goform/form2lansetup.cgi	/goform/form2lansetup.cgi	/goform/form2lansetup.cgi
software_argument	ip	ip	ip
vulnerability_cwe	CWE-121 (Pufferüberlauf)	CWE-121 (Pufferüberlauf)	CWE-121 (Pufferüberlauf)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	H	H	H
cvss3_vuldb_i	H	H	H
cvss3_vuldb_a	H	H	H
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_54/54.md	https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_54/54.md	https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_54/54.md
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_54/54.md	https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_54/54.md	https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_54/54.md
source_cve	CVE-2025-5630	CVE-2025-5630	CVE-2025-5630
cna_responsible	VulDB	VulDB	VulDB
cna_eol	1	1	1
software_type	Router Operating System	Router Operating System	Router Operating System
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	C	C	C
cvss2_vuldb_ii	C	C	C
cvss2_vuldb_ai	C	C	C
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	N	N	N
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	H	H	H
cvss4_vuldb_vi	H	H	H
cvss4_vuldb_va	H	H	H
cvss4_vuldb_e	P	P	P
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	10.0	10.0	10.0
cvss2_vuldb_tempscore	8.6	8.6	8.6
cvss3_vuldb_basescore	9.8	9.8	9.8
cvss3_vuldb_tempscore	8.9	8.9	8.9
cvss3_meta_basescore	9.8	9.8	9.8
cvss3_meta_tempscore	8.9	8.9	9.3
cvss4_vuldb_bscore	9.3	9.3	9.3
cvss4_vuldb_btscore	8.9	8.9	8.9
advisory_date	1748988000 (06/04/2025)	1748988000 (06/04/2025)	1748988000 (06/04/2025)
price_0day	$25k-$100k	$25k-$100k	$25k-$100k
euvd_id		EUVD-2025-16952	EUVD-2025-16952
cve_nvd_summary			A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
cve_nvd_summaryes			Se ha detectado una vulnerabilidad en D-Link DIR-816 1.10CNB05, clasificada como crítica. Esta vulnerabilidad afecta al código desconocido del archivo /goform/form2lansetup.cgi. La manipulación del argumento ip provoca un desbordamiento del búfer en la pila. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado. Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante.
cvss4_cna_av			N
cvss4_cna_ac			L
cvss4_cna_at			N
cvss4_cna_pr			N
cvss4_cna_ui			N
cvss4_cna_vc			H
cvss4_cna_vi			H
cvss4_cna_va			H
cvss4_cna_sc			N
cvss4_cna_si			N
cvss4_cna_sa			N
cvss4_cna_bscore			9.3
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			N
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			H
cvss3_cna_i			H
cvss3_cna_a			H
cvss3_cna_basescore			9.8
cvss2_cna_av			N
cvss2_cna_ac			L
cvss2_cna_au			N
cvss2_cna_ci			C
cvss2_cna_ii			C
cvss2_cna_ai			C
cvss2_cna_basescore			10

◂ Gurɗo Gumti Gada ▸

Interested in the pricing of exploits?

See the underground prices here!