Sign-up

ID

VAR-202502-1766


CVE

CVE-2025-1539


TITLE

D-Link Systems, Inc.  of  DAP-1320  Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-002015

DESCRIPTION

A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00. Affected by this issue is the function replace_special_char of the file /storagein.pd-XXXXXX. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1320 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-1539 // JVNDB: JVNDB-2025-002015

AFFECTED PRODUCTS

vendor:d linkmodel:dap-1320scope:eqversion:dap-1320 firmware 1.0

Trust: 0.8

vendor:d linkmodel:dap-1320scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dap-1320scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-002015

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-1539
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-002015
value: CRITICAL

Trust: 0.8

cna@vuldb.com: CVE-2025-1539
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-002015
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-1539
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-002015
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-002015 // NVD: CVE-2025-1539

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-002015 // NVD: CVE-2025-1539

EXTERNAL IDS

db:NVDid:CVE-2025-1539

Trust: 2.6

db:VULDBid:296480

Trust: 1.0

db:JVNDBid:JVNDB-2025-002015

Trust: 0.8

sources: JVNDB: JVNDB-2025-002015 // NVD: CVE-2025-1539

REFERENCES

url:https://legacy.us.dlink.com/pages/product.aspx?id=4b2bbe2e3f1d440ea65bc56c7e3dcc5c

Trust: 1.8

url:https://tasty-foxtrot-3a8.notion.site/d-link-dap-1320-replace_special_char-vulnerability-1960448e6195809c94f9fd2ff1f59bcf?pvs=4

Trust: 1.8

url:https://vuldb.com/?submit.497496

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.296480

Trust: 1.0

url:https://vuldb.com/?id.296480

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-1539

Trust: 0.8

sources: JVNDB: JVNDB-2025-002015 // NVD: CVE-2025-1539

SOURCES

db:JVNDBid:JVNDB-2025-002015
db:NVDid:CVE-2025-1539

LAST UPDATE DATE

2025-03-10T01:24:06.218000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-002015date:2025-03-05T09:16:00
db:NVDid:CVE-2025-1539date:2025-02-21T15:15:12.830

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-002015date:2025-03-05T00:00:00
db:NVDid:CVE-2025-1539date:2025-02-21T15:15:12.830