CVE-2025-4544

A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd. The manipulation of the argument def_max/def_time/def_tcp_max/def_tcp_time/def_udp_max/def_udp_time/def_icmp_max leads to stack-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.6 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
VulDBCNA
6.6 MEDIUM
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
VendorProductVersion
dlinkdi-8100_firmware
𝑥
≤ 16.07.26a1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Yhuanhuan01/DI-8100_Vulnerability_Report/blob/main/Vulnerability_Report.md
https://vuldb.com/?ctiid.308291
https://vuldb.com/?id.308291
https://vuldb.com/?submit.562695
https://www.dlink.com/
https://github.com/Yhuanhuan01/DI-8100_Vulnerability_Report/blob/main/Vulnerability_Report.md