Vulnerabilities > CVE-2025-3538

CVSS 8.8 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

CWE-121

NVD

Published: 2025-04-13

Updated: 2025-04-13

Summary

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used.

Common Weakness Enumeration (CWE)

CWE-121 - Stack-based Buffer Overflow

References

https://github.com/Fizz-L/CVE1/blob/main/DI-8100Command%20execution2.md
https://vuldb.com/?ctiid.304577
https://vuldb.com/?id.304577
https://vuldb.com/?submit.524224
https://www.dlink.com/

Vulnerabilities > CVE-2025-3538 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2025-3538"}]}

Summary

Common Weakness Enumeration (CWE)

References

Vulnerabilities > CVE-2025-3538