Details of VAR-202507-2448

ID

VAR-202507-2448

CVE

CVE-2025-7911

TITLE

D-Link DI-8100 Buffer Overflow Vulnerability (CNVD-2025-16668)

Trust: 0.6

sources: CNVD: CNVD-2025-16668

DESCRIPTION

A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhttpd. The manipulation of the argument remove_ext_proto/remove_ext_port leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link DI-8100 is an enterprise-level router device from D-Link. Attackers can exploit this vulnerability to trigger a buffer overflow by remotely constructing malicious parameters, thereby executing arbitrary code or causing the service to crash

Trust: 1.44

sources: NVD: CVE-2025-7911 // CNVD: CNVD-2025-16668

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-16668

AFFECTED PRODUCTS

vendor:

d link

model:

di-8100

scope:

version:

1.0

Trust: 0.6

sources: CNVD: CNVD-2025-16668

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-7911
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-16668
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-7911
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-16668
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-7911
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-16668 // NVD: CVE-2025-7911

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0

sources: NVD: CVE-2025-7911

EXTERNAL IDS

db:	NVD	id:	CVE-2025-7911	Trust: 1.6
db:	VULDB	id:	317026	Trust: 1.6
db:	CNVD	id:	CNVD-2025-16668	Trust: 0.6

sources: CNVD: CNVD-2025-16668 // NVD: CVE-2025-7911

REFERENCES

url:	https://vuldb.com/?id.317026	Trust: 1.6
url:	https://vuldb.com/?ctiid.317026	Trust: 1.6
url:	https://vuldb.com/?submit.618640	Trust: 1.6
url:	https://vuldb.com/?submit.618641	Trust: 1.6
url:	https://github.com/buobo/bo-s-cve/blob/main/di-8100/upnp_ctrl_asp.md	Trust: 1.6
url:	https://www.dlink.com/	Trust: 1.6

sources: CNVD: CNVD-2025-16668 // NVD: CVE-2025-7911

SOURCES

db:	CNVD	id:	CNVD-2025-16668
db:	NVD	id:	CVE-2025-7911

LAST UPDATE DATE

2025-07-24T23:59:57.704000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-16668	date:	2025-07-23T00:00:00
db:	NVD	id:	CVE-2025-7911	date:	2025-07-22T13:06:07.260

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-16668	date:	2025-07-23T00:00:00
db:	NVD	id:	CVE-2025-7911	date:	2025-07-20T23:15:31.977