Sign-up

ID

VAR-202502-2912


CVE

CVE-2025-25740


TITLE

D-Link Systems, Inc.  of  dir-853  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-004353

DESCRIPTION

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the PSK parameter in the SetQuickVPNSettings module. D-Link Systems, Inc. (DoS) It may be in a state. The D-Link DIR-853 is a dual-band wireless router that supports the 802.11ac protocol, providing dual-band network connections in 2.4GHz (up to 400Mbps) and 5GHz (up to 867Mbps), making it ideal for HD video streaming and online gaming. An attacker could exploit this vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-25740 // JVNDB: JVNDB-2025-004353 // CNVD: CNVD-2025-18561

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-18561

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-853scope:eqversion:1.20b07

Trust: 1.0

vendor:d linkmodel:dir-853scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-853scope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-853scope:eqversion:dir-853 firmware 1.20b07

Trust: 0.8

vendor:d linkmodel:dir-853 a1 fw1.20b07scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-18561 // JVNDB: JVNDB-2025-004353 // NVD: CVE-2025-25740

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-25740
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-004353
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-18561
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-18561
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-25740
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.1
impactScore: 3.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-004353
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-18561 // JVNDB: JVNDB-2025-004353 // NVD: CVE-2025-25740

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-004353 // NVD: CVE-2025-25740

EXTERNAL IDS

db:NVDid:CVE-2025-25740

Trust: 3.2

db:JVNDBid:JVNDB-2025-004353

Trust: 0.8

db:CNVDid:CNVD-2025-18561

Trust: 0.6

sources: CNVD: CNVD-2025-18561 // JVNDB: JVNDB-2025-004353 // NVD: CVE-2025-25740

REFERENCES

url:https://dear-sunshine-ba5.notion.site/d-link-dir-853-2-1812386a66448036a1cce259beb30b04

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2025-25740

Trust: 0.8

sources: CNVD: CNVD-2025-18561 // JVNDB: JVNDB-2025-004353 // NVD: CVE-2025-25740

SOURCES

db:CNVDid:CNVD-2025-18561
db:JVNDBid:JVNDB-2025-004353
db:NVDid:CVE-2025-25740

LAST UPDATE DATE

2025-08-17T23:44:46.811000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-18561date:2025-08-15T00:00:00
db:JVNDBid:JVNDB-2025-004353date:2025-05-07T02:21:00
db:NVDid:CVE-2025-25740date:2025-05-02T17:53:59.500

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-18561date:2025-08-14T00:00:00
db:JVNDBid:JVNDB-2025-004353date:2025-05-07T00:00:00
db:NVDid:CVE-2025-25740date:2025-02-14T15:15:13.190