Details of VAR-202507-0602

ID

VAR-202507-0602

CVE

CVE-2025-7602

TITLE

D-Link Systems, Inc. of di-8100 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-009118

DESCRIPTION

A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /arp_sys.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-8100 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DI-8100 is a broadband router designed for small and medium-sized networks. It supports up to four Internet ports and four LAN ports, allowing up to 80 users to access the internet simultaneously. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-7602 // JVNDB: JVNDB-2025-009118 // CNVD: CNVD-2025-18430

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-18430

AFFECTED PRODUCTS

vendor:	dlink	model:	di-8100	scope:	eq	version:	16.07.26a1	Trust: 1.0
vendor:	d link	model:	di-8100	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	di-8100	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	di-8100	scope:	eq	version:	di-8100 firmware 16.07.26a1	Trust: 0.8
vendor:	d link	model:	di-8100 16.07.26a1	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-18430 // JVNDB: JVNDB-2025-009118 // NVD: CVE-2025-7602

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-7602
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-009118
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-18430
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-7602
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-009118
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-18430
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-7602
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-009118
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-18430 // JVNDB: JVNDB-2025-009118 // NVD: CVE-2025-7602

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-121	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-009118 // NVD: CVE-2025-7602

EXTERNAL IDS

db:	NVD	id:	CVE-2025-7602	Trust: 3.2
db:	VULDB	id:	316301	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-009118	Trust: 0.8
db:	CNVD	id:	CNVD-2025-18430	Trust: 0.6

sources: CNVD: CNVD-2025-18430 // JVNDB: JVNDB-2025-009118 // NVD: CVE-2025-7602

REFERENCES

url:	https://github.com/xidp0/mycve/blob/main/cve/d-link%20di_8100-16.07.26a1/arp_sys_asp/arp_sys_asp.md	Trust: 2.4
url:	https://vuldb.com/?id.316301	Trust: 1.8
url:	https://vuldb.com/?submit.615302	Trust: 1.8
url:	https://www.dlink.com/	Trust: 1.8
url:	https://vuldb.com/?ctiid.316301	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-7602	Trust: 0.8

sources: CNVD: CNVD-2025-18430 // JVNDB: JVNDB-2025-009118 // NVD: CVE-2025-7602

SOURCES

db:	CNVD	id:	CNVD-2025-18430
db:	JVNDB	id:	JVNDB-2025-009118
db:	NVD	id:	CVE-2025-7602

LAST UPDATE DATE

2025-08-15T23:17:28.854000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-18430	date:	2025-08-14T00:00:00
db:	JVNDB	id:	JVNDB-2025-009118	date:	2025-07-17T05:10:00
db:	NVD	id:	CVE-2025-7602	date:	2025-07-16T14:32:50.430

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-18430	date:	2025-08-14T00:00:00
db:	JVNDB	id:	JVNDB-2025-009118	date:	2025-07-17T00:00:00
db:	NVD	id:	CVE-2025-7602	date:	2025-07-14T12:15:25.053