CVE-2025-60679

CWE-121Stack-based Buffer Overflow3 documents3 sources
Severity
8.8HIGH
EPSS
0.2%
top 61.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dir-816 Firmware
Timeline
PublishedNov 13

Description

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated using sprintf() into another 512-byte buffer containing a 29-byte constant. Input exceeding 481 bytes triggers a stack buffer overflow, allowing an attacker who can control /proc/version content to potenti

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDdlink/dir-816_firmware1.10cnb05_r1b011d88210

🔴Vulnerability Details

2
CVEList
CVE-2025-60679: A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv12025-11-13
GHSA
GHSA-xhj4-39f6-qqcq: A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv12025-11-13
CVE-2025-60679 (HIGH CVSS 8.8) | A stack buffer overflow vulnerabili | cvebase.io