D-Link DCS-935L HNAP1 sub_402280 stack-based overflow_CVE-2025-10779

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argument HNAP_AUTH/SOAPAction results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Basic Information

ID CVE-2025-10779

Source VulDB

Published Sep 22, 2025 at 03:02

Affected Product

Vendor D-Link

Product DCS-935L

Version 1.13.01

Affected Versions D-Link DCS-935L 1.13.01

CWE Classification

CWE-121 CWE-119

References

{
    "lastseen": "",
    "description": "A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argument HNAP_AUTH/SOAPAction results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.",
    "published": "2025-09-22T03:02:07.781Z",
    "modified": "2025-09-22T03:02:07.781Z",
    "type": "cve",
    "title": "D-Link DCS-935L HNAP1 sub_402280 stack-based overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.325135\nhttps://vuldb.com/?ctiid.325135\nhttps://vuldb.com/?submit.653690\nhttps://vuldb.com/?submit.653691\nhttps://github.com/scanleale/IOT_sec/blob/main/DCS-935L-1.pdf\nhttps://github.com/scanleale/IOT_sec/blob/main/DCS-935L-2.pdf\nhttps://www.dlink.com/",
    "id": "CVE-2025-10779",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "D-Link DCS-935L 1.13.01",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DCS-935L",
    "version": "1.13.01",
    "vendor": "D-Link",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}