Sign-up

ID

VAR-202504-1162


CVE

CVE-2025-3785


TITLE

D-Link Systems, Inc.  of  DWR-M961  Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-009817

DESCRIPTION

A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formStaticDHCP of the component Authorization Interface. The manipulation of the argument Hostname leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.49 is able to address this issue. It is recommended to upgrade the affected component. D-Link Systems, Inc. of DWR-M961 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DWR-M961 is a router from D-Link, a Chinese company. D-Link DWR-M961 has a buffer overflow vulnerability. The vulnerability is caused by the failure of the parameter Hostname in the file /boafrm/formStaticDHCP to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-3785 // JVNDB: JVNDB-2025-009817 // CNVD: CNVD-2025-11233

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-11233

AFFECTED PRODUCTS

vendor:dlinkmodel:dwr-m961scope:eqversion:1.1.36

Trust: 1.0

vendor:d linkmodel:dwr-m961scope: - version: -

Trust: 0.8

vendor:d linkmodel:dwr-m961scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dwr-m961scope:eqversion:dwr-m961 firmware 1.1.36

Trust: 0.8

vendor:d linkmodel:dwr-m961scope:eqversion:1.1.36

Trust: 0.6

sources: CNVD: CNVD-2025-11233 // JVNDB: JVNDB-2025-009817 // NVD: CVE-2025-3785

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-3785
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-009817
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-11233
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-3785
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-009817
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-11233
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-3785
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-009817
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-11233 // JVNDB: JVNDB-2025-009817 // NVD: CVE-2025-3785

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-009817 // NVD: CVE-2025-3785

EXTERNAL IDS

db:NVDid:CVE-2025-3785

Trust: 3.2

db:VULDBid:305608

Trust: 1.8

db:JVNDBid:JVNDB-2025-009817

Trust: 0.8

db:CNVDid:CNVD-2025-11233

Trust: 0.6

sources: CNVD: CNVD-2025-11233 // JVNDB: JVNDB-2025-009817 // NVD: CVE-2025-3785

REFERENCES

url:https://vuldb.com/?id.305608

Trust: 1.8

url:https://vuldb.com/?submit.553547

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://github.com/zokeye/cve/blob/main/d-link.md

Trust: 1.6

url:https://vuldb.com/?ctiid.305608

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-3785

Trust: 0.8

sources: CNVD: CNVD-2025-11233 // JVNDB: JVNDB-2025-009817 // NVD: CVE-2025-3785

SOURCES

db:CNVDid:CNVD-2025-11233
db:JVNDBid:JVNDB-2025-009817
db:NVDid:CVE-2025-3785

LAST UPDATE DATE

2025-07-28T19:42:25.150000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-11233date:2025-05-30T00:00:00
db:JVNDBid:JVNDB-2025-009817date:2025-07-24T09:23:00
db:NVDid:CVE-2025-3785date:2025-07-16T15:31:16.890

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-11233date:2025-05-30T00:00:00
db:JVNDBid:JVNDB-2025-009817date:2025-07-24T00:00:00
db:NVDid:CVE-2025-3785date:2025-04-18T09:15:15.440