CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-60679

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated using sprintf() into another 512-byte buffer containing a 29-byte constant. Input exceeding 481 bytes triggers a stack buffer overflow, allowing an attacker who can control /proc/version content to potentially execute arbitrary code on the device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 20.6%

CVSS Severity

CVSS v3 Score 8.8

References

http://d-link.com
https://github.com/yifan20020708/SGTaint-0-day/blob/main/DLink/DLink-DIR-816/CVE-2025-60679.md
https://www.dlink.com/en
https://www.dlink.com/en/security-bulletin/

Products affected by CVE-2025-60679

Dlink » Dir-816 » Version: a2

cpe:2.3:h:dlink:dir-816:a2
Dlink » Dir-816 Firmware » Version: 1.10cnb05_r1b011d88210

cpe:2.3:o:dlink:dir-816_firmware:1.10cnb05_r1b011d88210

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-60679

Products

Pricing

Contact Us