{"id":"CVE-2025-60679","details":"A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated using sprintf() into another 512-byte buffer containing a 29-byte constant. Input exceeding 481 bytes triggers a stack buffer overflow, allowing an attacker who can control /proc/version content to potentially execute arbitrary code on the device.","modified":"2026-03-13T22:21:29.495607Z","published":"2025-11-13T20:15:51.420Z","references":[{"type":"WEB","url":"http://d-link.com"},{"type":"WEB","url":"https://www.dlink.com/en"},{"type":"ADVISORY","url":"https://www.dlink.com/en/security-bulletin/"},{"type":"EVIDENCE","url":"https://github.com/yifan20020708/SGTaint-0-day/blob/main/DLink/DLink-DIR-816/CVE-2025-60679.md"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.10cnb05_r1b011d88210"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-60679.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}