Stack-Based Buffer Overflow in D-Link DWR-M961 Authorization Interface
CVE-2025-3785

8.8HIGH

Key Information:

Vendor
D-Link
Status
DWR-M961
Vendor
CVE Published:
18 April 2025

Summary

A stack-based buffer overflow vulnerability exists in the authorization interface of D-Link's DWR-M961 router, specifically in the formStaticDHCP file. An attacker can exploit this flaw by manipulating the Hostname argument, potentially allowing for arbitrary code execution. This issue affects version 1.1.36 of the product and can be triggered remotely, making it imperative for users to upgrade to version 1.1.49 or later to mitigate the risk of exploitation.

References

https://github.com/ZOKEYE/CVE/blob/main/D-link.md
https://vuldb.com/?ctiid.305608
https://vuldb.com/?id.305608

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2025-3785 : Stack-Based Buffer Overflow in D-Link DWR-M961 Authorization Interface | SecurityVulnerability.io