Details of VAR-202507-0536

ID

VAR-202507-0536

CVE

CVE-2025-7603

TITLE

D-Link Systems, Inc. of di-8100 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-009109

DESCRIPTION

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. Affected is an unknown function of the file /jingx.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-8100 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DI-8100 is a broadband router designed for small and medium-sized networks. It supports up to four Internet ports and four LAN ports, allowing up to 80 users to access the internet simultaneously. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-7603 // JVNDB: JVNDB-2025-009109 // CNVD: CNVD-2025-18431

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-18431

AFFECTED PRODUCTS

vendor:	dlink	model:	di-8100	scope:	eq	version:	16.07.26a1	Trust: 1.0
vendor:	d link	model:	di-8100	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	di-8100	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	di-8100	scope:	eq	version:	di-8100 firmware 16.07.26a1	Trust: 0.8
vendor:	d link	model:	di-8100 16.07.26a1	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-18431 // JVNDB: JVNDB-2025-009109 // NVD: CVE-2025-7603

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-7603
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-009109
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-18431
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-7603
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-009109
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-18431
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-7603
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-009109
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-18431 // JVNDB: JVNDB-2025-009109 // NVD: CVE-2025-7603

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-121	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-009109 // NVD: CVE-2025-7603

EXTERNAL IDS

db:	NVD	id:	CVE-2025-7603	Trust: 3.2
db:	VULDB	id:	316302	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-009109	Trust: 0.8
db:	CNVD	id:	CNVD-2025-18431	Trust: 0.6

sources: CNVD: CNVD-2025-18431 // JVNDB: JVNDB-2025-009109 // NVD: CVE-2025-7603

REFERENCES

url:	https://github.com/xidp0/mycve/blob/main/cve/d-link%20di_8100-16.07.26a1/jingx_asp/d-link%20di_8100-16.07.26a1%20jingx_asp.md	Trust: 2.4
url:	https://vuldb.com/?id.316302	Trust: 1.8
url:	https://vuldb.com/?submit.615320	Trust: 1.8
url:	https://www.dlink.com/	Trust: 1.8
url:	https://vuldb.com/?ctiid.316302	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-7603	Trust: 0.8

sources: CNVD: CNVD-2025-18431 // JVNDB: JVNDB-2025-009109 // NVD: CVE-2025-7603

SOURCES

db:	CNVD	id:	CNVD-2025-18431
db:	JVNDB	id:	JVNDB-2025-009109
db:	NVD	id:	CVE-2025-7603

LAST UPDATE DATE

2025-08-15T23:32:49.843000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-18431	date:	2025-08-14T00:00:00
db:	JVNDB	id:	JVNDB-2025-009109	date:	2025-07-17T05:05:00
db:	NVD	id:	CVE-2025-7603	date:	2025-07-16T14:32:42.330

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-18431	date:	2025-08-14T00:00:00
db:	JVNDB	id:	JVNDB-2025-009109	date:	2025-07-17T00:00:00
db:	NVD	id:	CVE-2025-7603	date:	2025-07-14T13:15:25.467