Sign-up

ID

VAR-202503-0137


CVE

CVE-2025-1876


TITLE

D-Link Systems, Inc.  of  DAP-1562  Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-005566

DESCRIPTION

A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1562 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1562 is a wireless bridge produced by D-Link of China. The vulnerability is caused by a stack buffer overflow in the HTTP Header Handler, which may lead to remote attacks. Attackers can use this vulnerability to execute arbitrary code on the device, resulting in damage to the confidentiality, integrity and availability of the device

Trust: 2.16

sources: NVD: CVE-2025-1876 // JVNDB: JVNDB-2025-005566 // CNVD: CNVD-2025-04610

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-04610

AFFECTED PRODUCTS

vendor:dlinkmodel:dap-1562scope:eqversion:1.10

Trust: 1.0

vendor:d linkmodel:dap-1562scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dap-1562scope: - version: -

Trust: 0.8

vendor:d linkmodel:dap-1562scope:eqversion:dap-1562 firmware 1.10

Trust: 0.8

vendor:d linkmodel:d-link dap-1562scope:eqversion:1.10

Trust: 0.6

sources: CNVD: CNVD-2025-04610 // JVNDB: JVNDB-2025-005566 // NVD: CVE-2025-1876

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-1876
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-1876
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-005566
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-04610
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-1876
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-005566
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-04610
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-1876
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-1876
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-005566
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-04610 // JVNDB: JVNDB-2025-005566 // NVD: CVE-2025-1876 // NVD: CVE-2025-1876

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-005566 // NVD: CVE-2025-1876

EXTERNAL IDS

db:NVDid:CVE-2025-1876

Trust: 3.2

db:VULDBid:298190

Trust: 1.8

db:JVNDBid:JVNDB-2025-005566

Trust: 0.8

db:CNVDid:CNVD-2025-04610

Trust: 0.6

sources: CNVD: CNVD-2025-04610 // JVNDB: JVNDB-2025-005566 // NVD: CVE-2025-1876

REFERENCES

url:https://vuldb.com/?id.298190

Trust: 1.8

url:https://vuldb.com/?submit.506106

Trust: 1.8

url:https://witty-maiasaura-083.notion.site/d-link-dap-1562-http_request_parse-vulnerability-1a4b2f2a636180a2a67de271ad5fe6d7

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-1876

Trust: 1.4

url:https://vuldb.com/?ctiid.298190

Trust: 1.0

sources: CNVD: CNVD-2025-04610 // JVNDB: JVNDB-2025-005566 // NVD: CVE-2025-1876

SOURCES

db:CNVDid:CNVD-2025-04610
db:JVNDBid:JVNDB-2025-005566
db:NVDid:CVE-2025-1876

LAST UPDATE DATE

2025-05-27T23:21:25.270000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-04610date:2025-03-07T00:00:00
db:JVNDBid:JVNDB-2025-005566date:2025-05-23T02:53:00
db:NVDid:CVE-2025-1876date:2025-05-21T16:17:23.913

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-04610date:2025-03-07T00:00:00
db:JVNDBid:JVNDB-2025-005566date:2025-05-23T00:00:00
db:NVDid:CVE-2025-1876date:2025-03-03T17:15:14.517