Buffer Overflow Vulnerability in D-Link Router's Firmware
CVE-2025-7194
Key Information:
Badges
What is CVE-2025-7194?
A stack-based buffer overflow vulnerability exists in the D-Link DI-500WF router's firmware, specifically within the sprintf function of the ip_position.asp file in the jhttpd component. This vulnerability can be exploited remotely through crafted input, potentially allowing unauthorized access and control over the device. Exploitation of this issue puts users at risk, as it enables an attacker to execute arbitrary code on the device. It is crucial for users to apply patches and ensure their systems are updated to mitigate these risks.
Affected Version(s)
DI-500WF 17.04.10A1T
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved