VDB-332478 · CVE-2025-13189 · EUVD-2025-197687

D-Link DIR-816L 2_06_b09_beta gena.cgi genacgi_main SERVER_ID/HTTP_SID मेमरी भ्रष्टाचार

एक असुरक्षितता जी गंभीर म्हणून वर्गीकृत आहे, ती D-Link DIR-816L 2_06_b09_beta मध्ये आढळली आहे. प्रभावित आहे फंक्शन genacgi_main फाइल gena.cgi च्या. सॉफ्टवेअरमध्ये SERVER_ID/HTTP_SID या आर्ग्युमेंटमध्ये वापर मेमरी भ्रष्टाचार घडवून आणतो. CWE वापरून समस्या घोषित केल्याने CWE-121 कडे नेले जाते. कमजोरी प्रकाशित करण्यात आली होती 14/11/2025. सल्ला डाउनलोडसाठी github.com येथे शेअर केला आहे. ही कमतरता CVE-2025-13189 या नावाने ओळखली जाते. हल्ला दूरस्थपणे सुरू करणे शक्य आहे. तांत्रिक तपशील उपलब्ध आहेत. यासाठी एक एक्स्प्लॉइट उपलब्ध आहे. शोषण सार्वजनिकपणे उघड झाले आहे आणि वापरले जाऊ शकते. सध्याच्या घडीला अंदाजे USD $0-$5k असू शकतो. हे प्रूफ-ऑफ-कॉन्सेप्ट म्हणून घोषित केले आहे. github.com या ठिकाणी शोषण डाउनलोडसाठी शेअर केले आहे. 0-डे म्हणून अंदाजे अंडरग्राउंड किंमत सुमारे $25k-$100k होती. VulDB is the best source for vulnerability data and more expert information about this specific topic.

4 बदल · 101 डेटा पॉइंट्स

शेत	तयार केली 14/11/2025 02:19 PM	अद्ययावत 1/3 15/11/2025 10:55 AM	अद्ययावत 2/3 15/11/2025 08:18 PM	अद्ययावत 3/3 20/11/2025 03:39 PM
software_vendor	D-Link	D-Link	D-Link	D-Link
software_name	DIR-816L	DIR-816L	DIR-816L	DIR-816L
software_version	2_06_b09_beta	2_06_b09_beta	2_06_b09_beta	2_06_b09_beta
software_file	gena.cgi	gena.cgi	gena.cgi	gena.cgi
software_function	genacgi_main	genacgi_main	genacgi_main	genacgi_main
software_argument	SERVER_ID/HTTP_SID	SERVER_ID/HTTP_SID	SERVER_ID/HTTP_SID	SERVER_ID/HTTP_SID
vulnerability_cwe	CWE-121 (मेमरी भ्रष्टाचार)	CWE-121 (मेमरी भ्रष्टाचार)	CWE-121 (मेमरी भ्रष्टाचार)	CWE-121 (मेमरी भ्रष्टाचार)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	H	H	H	H
cvss3_vuldb_i	H	H	H	H
cvss3_vuldb_a	H	H	H	H
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/scanleale/IOT_sec/blob/main/DIR-816L%20stack%20overflow(gena.cgi).pdf	https://github.com/scanleale/IOT_sec/blob/main/DIR-816L%20stack%20overflow(gena.cgi).pdf	https://github.com/scanleale/IOT_sec/blob/main/DIR-816L%20stack%20overflow(gena.cgi).pdf	https://github.com/scanleale/IOT_sec/blob/main/DIR-816L%20stack%20overflow(gena.cgi).pdf
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/scanleale/IOT_sec/blob/main/DIR-816L%20stack%20overflow(gena.cgi).pdf	https://github.com/scanleale/IOT_sec/blob/main/DIR-816L%20stack%20overflow(gena.cgi).pdf	https://github.com/scanleale/IOT_sec/blob/main/DIR-816L%20stack%20overflow(gena.cgi).pdf	https://github.com/scanleale/IOT_sec/blob/main/DIR-816L%20stack%20overflow(gena.cgi).pdf
source_cve	CVE-2025-13189	CVE-2025-13189	CVE-2025-13189	CVE-2025-13189
cna_responsible	VulDB	VulDB	VulDB	VulDB
cna_eol	1	1	1	1
software_type	Router Operating System	Router Operating System	Router Operating System	Router Operating System
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	C	C	C	C
cvss2_vuldb_ii	C	C	C	C
cvss2_vuldb_ai	C	C	C	C
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	H	H	H	H
cvss4_vuldb_vi	H	H	H	H
cvss4_vuldb_va	H	H	H	H
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	9.0	9.0	9.0	9.0
cvss2_vuldb_tempscore	7.7	7.7	7.7	7.7
cvss3_vuldb_basescore	8.8	8.8	8.8	8.8
cvss3_vuldb_tempscore	8.0	8.0	8.0	8.0
cvss3_meta_basescore	8.8	8.8	8.8	9.1
cvss3_meta_tempscore	8.0	8.4	8.4	8.9
cvss4_vuldb_bscore	8.7	8.7	8.7	8.7
cvss4_vuldb_btscore	7.4	7.4	7.4	7.4
advisory_date	1763074800 (14/11/2025)	1763074800 (14/11/2025)	1763074800 (14/11/2025)	1763074800 (14/11/2025)
price_0day	$25k-$100k	$25k-$100k	$25k-$100k	$25k-$100k
cve_nvd_summary		A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects the function genacgi_main of the file gena.cgi. The manipulation of the argument SERVER_ID/HTTP_SID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.	A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects the function genacgi_main of the file gena.cgi. The manipulation of the argument SERVER_ID/HTTP_SID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.	A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects the function genacgi_main of the file gena.cgi. The manipulation of the argument SERVER_ID/HTTP_SID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
cvss4_cna_av		N	N	N
cvss4_cna_ac		L	L	L
cvss4_cna_at		N	N	N
cvss4_cna_pr		L	L	L
cvss4_cna_ui		N	N	N
cvss4_cna_vc		H	H	H
cvss4_cna_vi		H	H	H
cvss4_cna_va		H	H	H
cvss4_cna_sc		N	N	N
cvss4_cna_si		N	N	N
cvss4_cna_sa		N	N	N
cvss4_cna_bscore		8.7	8.7	8.7
cvss3_cna_av		N	N	N
cvss3_cna_ac		L	L	L
cvss3_cna_pr		L	L	L
cvss3_cna_ui		N	N	N
cvss3_cna_s		U	U	U
cvss3_cna_c		H	H	H
cvss3_cna_i		H	H	H
cvss3_cna_a		H	H	H
cvss3_cna_basescore		8.8	8.8	8.8
cvss2_cna_av		N	N	N
cvss2_cna_ac		L	L	L
cvss2_cna_au		S	S	S
cvss2_cna_ci		C	C	C
cvss2_cna_ii		C	C	C
cvss2_cna_ai		C	C	C
cvss2_cna_basescore		9	9	9
euvd_id			EUVD-2025-197687	EUVD-2025-197687
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				N
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				H
cvss3_nvd_a				H
cvss3_nvd_basescore				9.8

◂ मागील बाजूस सिंहावलोकन पुढील ▸

Do you know our Splunk app?

Download it now for free!