Sign-up

ID

VAR-202505-0307


CVE

CVE-2025-4544


TITLE

D-Link Systems, Inc.  of  di-8100  Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-005548

DESCRIPTION

A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd. The manipulation of the argument def_max/def_time/def_tcp_max/def_tcp_time/def_udp_max/def_udp_time/def_icmp_max leads to stack-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. D-Link Systems, Inc. of di-8100 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8100 is a network device that is mainly used to provide network connection and management functions. Attackers can exploit this vulnerability to execute arbitrary code

Trust: 2.16

sources: NVD: CVE-2025-4544 // JVNDB: JVNDB-2025-005548 // CNVD: CNVD-2025-11192

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-11192

AFFECTED PRODUCTS

vendor:dlinkmodel:di-8100scope:lteversion:16.07.26a1

Trust: 1.0

vendor:d linkmodel:di-8100scope:lteversion:di-8100 firmware 16.07.26a1 and earlier

Trust: 0.8

vendor:d linkmodel:di-8100scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:di-8100scope: - version: -

Trust: 0.8

vendor:d linkmodel:di-8100 16.07.26a1scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-11192 // JVNDB: JVNDB-2025-005548 // NVD: CVE-2025-4544

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-4544
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-4544
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-005548
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-11192
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-4544
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:H/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-005548
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:H/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-11192
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:H/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-4544
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-4544
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-005548
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-11192 // JVNDB: JVNDB-2025-005548 // NVD: CVE-2025-4544 // NVD: CVE-2025-4544

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-005548 // NVD: CVE-2025-4544

EXTERNAL IDS

db:NVDid:CVE-2025-4544

Trust: 3.2

db:VULDBid:308291

Trust: 2.4

db:JVNDBid:JVNDB-2025-005548

Trust: 0.8

db:CNVDid:CNVD-2025-11192

Trust: 0.6

sources: CNVD: CNVD-2025-11192 // JVNDB: JVNDB-2025-005548 // NVD: CVE-2025-4544

REFERENCES

url:https://vuldb.com/?id.308291

Trust: 2.4

url:https://github.com/yhuanhuan01/di-8100_vulnerability_report/blob/main/vulnerability_report.md

Trust: 1.8

url:https://vuldb.com/?submit.562695

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.308291

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-4544

Trust: 0.8

sources: CNVD: CNVD-2025-11192 // JVNDB: JVNDB-2025-005548 // NVD: CVE-2025-4544

SOURCES

db:CNVDid:CNVD-2025-11192
db:JVNDBid:JVNDB-2025-005548
db:NVDid:CVE-2025-4544

LAST UPDATE DATE

2025-06-01T23:05:45.098000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-11192date:2025-05-30T00:00:00
db:JVNDBid:JVNDB-2025-005548date:2025-05-23T01:36:00
db:NVDid:CVE-2025-4544date:2025-05-22T18:24:37.697

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-11192date:2025-05-29T00:00:00
db:JVNDBid:JVNDB-2025-005548date:2025-05-23T00:00:00
db:NVDid:CVE-2025-4544date:2025-05-11T19:15:50.450