Sign-up

ID

VAR-202604-2744


CVE

CVE-2026-7068


TITLE

D-Link Corporation of DIR-825  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013757

DESCRIPTION

A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-7068 // JVNDB: JVNDB-2026-013757

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-825scope:eqversion:3.00b32

Trust: 1.0

vendor:d linkmodel:dir-825scope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-825scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-825scope:eqversion:dir-825 firmware 3.00b32

Trust: 0.8

sources: JVNDB: JVNDB-2026-013757 // NVD: CVE-2026-7068

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-7068
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-013757
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-7068
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-013757
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-7068
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-013757
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-013757 // NVD: CVE-2026-7068

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-120

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013757 // NVD: CVE-2026-7068

PATCH

title:httpsurl:https://tzh00203.notion.site/D-Link-DIR-825-nmbd-NetBIOS-Name-Service-Stack-Based-Buffer-Overflow-337b5c52018a80cea1e8d56689928114

Trust: 0.8

sources: JVNDB: JVNDB-2026-013757

EXTERNAL IDS

db:NVDid:CVE-2026-7068

Trust: 2.6

db:JVNDBid:JVNDB-2026-013757

Trust: 0.8

sources: JVNDB: JVNDB-2026-013757 // NVD: CVE-2026-7068

REFERENCES

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/vuln/359643

Trust: 1.0

url:https://vuldb.com/vuln/359643/cti

Trust: 1.0

url:https://tzh00203.notion.site/d-link-dir-825-nmbd-netbios-name-service-stack-based-buffer-overflow-337b5c52018a80cea1e8d56689928114

Trust: 1.0

url:https://vuldb.com/submit/798646

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-7068

Trust: 0.8

sources: JVNDB: JVNDB-2026-013757 // NVD: CVE-2026-7068

SOURCES

db:JVNDBid:JVNDB-2026-013757
db:NVDid:CVE-2026-7068

LAST UPDATE DATE

2026-06-19T23:06:48.216000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-013757date:2026-05-01T01:41:00
db:NVDid:CVE-2026-7068date:2026-04-30T14:08:54.790

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-013757date:2026-05-01T00:00:00
db:NVDid:CVE-2026-7068date:2026-04-27T00:16:21.050