Details of VAR-202502-0157

ID

VAR-202502-0157

CVE

CVE-2025-1103

TITLE

D-Link Systems, Inc. of DIR-823X in the firmware NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-005568

DESCRIPTION

A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-823X The firmware has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. D-Link DIR-823X is a wireless router of D-Link, a Chinese company. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2025-1103 // JVNDB: JVNDB-2025-005568 // CNVD: CNVD-2025-13077

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-13077

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-823x	scope:	eq	version:	240802	Trust: 1.0
vendor:	dlink	model:	dir-823x	scope:	eq	version:	240126	Trust: 1.0
vendor:	d link	model:	dir-823x	scope:	eq	version:	dir-823x firmware 240126	Trust: 0.8
vendor:	d link	model:	dir-823x	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dir-823x	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-823x	scope:	eq	version:	dir-823x firmware 240802	Trust: 0.8
vendor:	d link	model:	dir-823x	scope:	eq	version:	240126	Trust: 0.6
vendor:	d link	model:	dir-823x	scope:	eq	version:	240802	Trust: 0.6

sources: CNVD: CNVD-2025-13077 // JVNDB: JVNDB-2025-005568 // NVD: CVE-2025-1103

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-1103
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2025-1103
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-005568
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-13077
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2025-1103
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-005568
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-13077
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-1103
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	JVNDB-2025-005568
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-13077 // JVNDB: JVNDB-2025-005568 // NVD: CVE-2025-1103 // NVD: CVE-2025-1103

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.0
problemtype:	CWE-404	Trust: 1.0
problemtype:	Improper shutdown and release of resources (CWE-404) [ others ]	Trust: 0.8
problemtype:	NULL Pointer dereference (CWE-476) [NVD evaluation ]	Trust: 0.8
problemtype:	NULL Pointer dereference (CWE-476) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-005568 // NVD: CVE-2025-1103

EXTERNAL IDS

db:	NVD	id:	CVE-2025-1103	Trust: 3.2
db:	VULDB	id:	294933	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-005568	Trust: 0.8
db:	CNVD	id:	CNVD-2025-13077	Trust: 0.6

sources: CNVD: CNVD-2025-13077 // JVNDB: JVNDB-2025-005568 // NVD: CVE-2025-1103

REFERENCES

url:	https://tasty-foxtrot-3a8.notion.site/d-link-dir-823x-set_wifi_blacklists-vulnerability-1870448e619580e5bf09cf628692f7a9	Trust: 2.4
url:	https://tasty-foxtrot-3a8.notion.site/d-link-dir-823x-set_wifi_blacklists-vulnerability-1870448e619580e5bf09cf628692f7a9?pvs=73	Trust: 1.8
url:	https://vuldb.com/?id.294933	Trust: 1.8
url:	https://vuldb.com/?submit.489603	Trust: 1.8
url:	https://www.dlink.com/	Trust: 1.8
url:	https://vuldb.com/?ctiid.294933	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-1103	Trust: 0.8

sources: CNVD: CNVD-2025-13077 // JVNDB: JVNDB-2025-005568 // NVD: CVE-2025-1103

SOURCES

db:	CNVD	id:	CNVD-2025-13077
db:	JVNDB	id:	JVNDB-2025-005568
db:	NVD	id:	CVE-2025-1103

LAST UPDATE DATE

2025-06-21T23:23:02.411000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-13077	date:	2025-06-20T00:00:00
db:	JVNDB	id:	JVNDB-2025-005568	date:	2025-05-23T02:53:00
db:	NVD	id:	CVE-2025-1103	date:	2025-05-21T16:51:34.753

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-13077	date:	2025-06-20T00:00:00
db:	JVNDB	id:	JVNDB-2025-005568	date:	2025-05-23T00:00:00
db:	NVD	id:	CVE-2025-1103	date:	2025-02-07T15:15:17.583