Sign-up

ID

VAR-202604-3873


CVE

CVE-2026-7069


TITLE

D-Link Corporation of DIR-825  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013756

DESCRIPTION

A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within the local network. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. All information handled by the software may be rewritten. Furthermore, the software may stop working completely

Trust: 1.62

sources: NVD: CVE-2026-7069 // JVNDB: JVNDB-2026-013756

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-825scope:eqversion:3.00b32

Trust: 1.0

vendor:d linkmodel:dir-825scope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-825scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-825scope:eqversion:dir-825 firmware 3.00b32

Trust: 0.8

sources: JVNDB: JVNDB-2026-013756 // NVD: CVE-2026-7069

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-7069
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-013756
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-7069
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-013756
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-7069
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-013756
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-013756 // NVD: CVE-2026-7069

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-120

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013756 // NVD: CVE-2026-7069

PATCH

title://vuldb.com/vuln/359644url:https://tzh00203.notion.site/D-Link-DIR-825-miniupnpd-AddPortMapping-Stack-Overflow-337b5c52018a8028988ecc9daded409e

Trust: 0.8

sources: JVNDB: JVNDB-2026-013756

EXTERNAL IDS

db:NVDid:CVE-2026-7069

Trust: 2.6

db:JVNDBid:JVNDB-2026-013756

Trust: 0.8

sources: JVNDB: JVNDB-2026-013756 // NVD: CVE-2026-7069

REFERENCES

url:https://www.dlink.com/

Trust: 1.8

url:https://tzh00203.notion.site/d-link-dir-825-miniupnpd-addportmapping-stack-overflow-337b5c52018a8028988ecc9daded409e

Trust: 1.0

url:https://vuldb.com/vuln/359644/cti

Trust: 1.0

url:https://vuldb.com/submit/798647

Trust: 1.0

url:https://vuldb.com/vuln/359644

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-7069

Trust: 0.8

sources: JVNDB: JVNDB-2026-013756 // NVD: CVE-2026-7069

SOURCES

db:JVNDBid:JVNDB-2026-013756
db:NVDid:CVE-2026-7069

LAST UPDATE DATE

2026-06-19T23:34:46.014000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-013756date:2026-05-01T01:41:00
db:NVDid:CVE-2026-7069date:2026-04-30T14:08:48.790

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-013756date:2026-05-01T00:00:00
db:NVDid:CVE-2026-7069date:2026-04-27T00:16:21.237