CVE-2025-13189
Published: 15 November 2025
Description
A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects the function genacgi_main of the file gena.cgi. The manipulation of the argument SERVER_ID/HTTP_SID leads to a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Mitigating Controls (NIST 800-53 r5)
Prohibits the use of unsupported EOL devices like the D-Link DIR-816L, eliminating exposure to unpatchable vulnerabilities such as this buffer overflow.
Implements memory protections like stack canaries, ASLR, and DEP to prevent exploitation of stack-based buffer overflows even if invalid inputs reach the genacgi_main function.
Requires validation of untrusted inputs such as SERVER_ID and HTTP_SID arguments to block crafted requests that trigger the buffer overflow in gena.cgi.
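The input-validation and bounds-checking controls above can be sketched as a CGI handler. This is an added example, not D-Link's code or code from the advisory. It assumes both values arrive as environment variables; the function names, the length limits and the allowed character set are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ID_MAX  16   /* assumed limit for SERVER_ID */
#define SID_MAX 64   /* assumed limit for the SID header value */

/* Accept only 1..max bytes drawn from [A-Za-z0-9:_-]; stops reading at max. */
static int field_ok(const char *s, size_t max)
{
    size_t i;
    if (s == NULL) return 0;
    for (i = 0; s[i] != '\0'; i++) {
        if (i >= max) return 0;   /* over the limit: reject */
        if (!isalnum((unsigned char)s[i]) && strchr(":-_", s[i]) == NULL)
            return 0;
    }
    return i > 0;
}

/* Write "<server_id>/<sid>" into out. Returns 0, or -1 with out emptied. */
int build_sub_key(const char *server_id, const char *sid, char *out, size_t outsz)
{
    int n;
    if (out == NULL || outsz == 0) return -1;
    out[0] = '\0';
    if (!field_ok(server_id, ID_MAX) || !field_ok(sid, SID_MAX)) return -1;
    n = snprintf(out, outsz, "%s/%s", server_id, sid);
    if (n < 0 || (size_t)n >= outsz) {   /* would have been truncated */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Hypothetical CGI entry point: 200 if the inputs are accepted, else 400. */
int handle_request(void)
{
    char key[ID_MAX + 1 + SID_MAX + 1];   /* sized from the limits, not guessed */
    if (build_sub_key(getenv("SERVER_ID"), getenv("HTTP_SID"), key, sizeof key) != 0)
        return 400;
    return 200;
}

int main(void)
{
    printf("Status: %d\n", handle_request());
    return 0;
}
```

The destination buffer is sized from the same constants the validator enforces, and the `snprintf` return value is checked so a truncated key is never used.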
Security Summary
CVE-2025-13189 is a stack-based buffer overflow vulnerability in the D-Link DIR-816L router running firmware version 2_06_b09_beta. The issue resides in the genacgi_main function within the gena.cgi file, where manipulation of the SERVER_ID or HTTP_SID arguments triggers the overflow. Associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote exploitation.
An attacker with low privileges and network access can exploit this vulnerability remotely without user interaction. By sending crafted requests targeting the vulnerable arguments, they can trigger the buffer overflow, potentially achieving arbitrary code execution with high impacts on confidentiality, integrity, and availability. The exploit has been publicly disclosed, increasing the risk for affected devices.
Advisories from VulDB note that the vulnerability only impacts products no longer supported by D-Link, implying no official patches or firmware updates are available. The GitHub reference provides a detailed proof-of-concept exploit in PDF form, while the D-Link website offers no specific mitigation guidance for this EOL device. Security practitioners should prioritize network segmentation, exposure monitoring, and device replacement for any remaining DIR-816L instances.
In context, this vulnerability highlights ongoing risks in legacy IoT devices, with public exploit availability likely enabling widespread targeting of unpatched routers in real-world scenarios.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in the public-facing gena.cgi web interface (genacgi_main function via SERVER_ID/HTTP_SID) enables remote exploitation of a public-facing application for potential code execution.