CVE-2025-7911

A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhttpd. The manipulation of the argument remove_ext_proto/remove_ext_port leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VulDBCNA
8.8 HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
dlinkdi-8100_firmware
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/buobo/bo-s-CVE/blob/main/DI-8100/upnp_ctrl_asp.md
https://vuldb.com/?ctiid.317026
https://vuldb.com/?id.317026
https://vuldb.com/?submit.618640
https://vuldb.com/?submit.618641
https://www.dlink.com/
https://github.com/buobo/bo-s-CVE/blob/main/DI-8100/upnp_ctrl_asp.md