Sign-up

ID

VAR-202502-1799


CVE

CVE-2025-1538


TITLE

D-Link Systems, Inc.  of  DAP-1320  Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-001746

DESCRIPTION

A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1320 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-1538 // JVNDB: JVNDB-2025-001746

AFFECTED PRODUCTS

vendor:dlinkmodel:dap-1320scope:eqversion:1.0

Trust: 1.0

vendor:d linkmodel:dap-1320scope:eqversion:dap-1320 firmware 1.0

Trust: 0.8

vendor:d linkmodel:dap-1320scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dap-1320scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-001746 // NVD: CVE-2025-1538

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-1538
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-001746
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2025-1538
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-001746
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-1538
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-001746
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-001746 // NVD: CVE-2025-1538

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-122

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Heap-based buffer overflow (CWE-122) [ others ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-001746 // NVD: CVE-2025-1538

EXTERNAL IDS

db:NVDid:CVE-2025-1538

Trust: 2.6

db:VULDBid:296479

Trust: 1.0

db:JVNDBid:JVNDB-2025-001746

Trust: 0.8

sources: JVNDB: JVNDB-2025-001746 // NVD: CVE-2025-1538

REFERENCES

url:https://legacy.us.dlink.com/pages/product.aspx?id=4b2bbe2e3f1d440ea65bc56c7e3dcc5c

Trust: 1.8

url:https://tasty-foxtrot-3a8.notion.site/d-link-dap-1320-set_ws_action-vulnerability-1950448e61958049be3cc606d434bc9d

Trust: 1.8

url:https://tasty-foxtrot-3a8.notion.site/d-link-dap-1320-set_ws_action-vulnerability-1950448e61958049be3cc606d434bc9d?pvs=74

Trust: 1.8

url:https://vuldb.com/?submit.497301

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.296479

Trust: 1.0

url:https://vuldb.com/?id.296479

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-1538

Trust: 0.8

sources: JVNDB: JVNDB-2025-001746 // NVD: CVE-2025-1538

SOURCES

db:JVNDBid:JVNDB-2025-001746
db:NVDid:CVE-2025-1538

LAST UPDATE DATE

2025-02-28T23:19:51.639000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-001746date:2025-02-26T09:59:00
db:NVDid:CVE-2025-1538date:2025-02-25T20:54:42.947

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-001746date:2025-02-26T00:00:00
db:NVDid:CVE-2025-1538date:2025-02-21T15:15:12.630