CVE 8.6 HIGH

D-Link DIR-825 miniupnpd upnpsoap.c AddPortMapping buffer overflow_CVE-2026-7069

April 26, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within the local network. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

AI Analysis

Buffer overflow vulnerability in D-Link DIR-825 due to manipulation of the NewPortMappingDescription argument in the AddPortMapping function of the miniupnpd component.

Basic Information

ID CVE-2026-7069

Source VulDB

Published Apr 27, 2026 at 00:00

Affected Product

Vendor D-Link

Product DIR-825

Version 3.00b32

Affected Versions D-Link DIR-825 3.00b32

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor D-Link

Product DIR-825

Version 3.00b32

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within the local network. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.",
    "published": "2026-04-27T00:00:25.159Z",
    "modified": "2026-04-27T00:00:25.159Z",
    "type": "cve",
    "title": "D-Link DIR-825 miniupnpd upnpsoap.c AddPortMapping buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359644\nhttps://vuldb.com/vuln/359644/cti\nhttps://vuldb.com/submit/798647\nhttps://tzh00203.notion.site/D-Link-DIR-825-miniupnpd-AddPortMapping-Stack-Overflow-337b5c52018a8028988ecc9daded409e\nhttps://www.dlink.com/",
    "id": "CVE-2026-7069",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "D-Link DIR-825 3.00b32",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DIR-825",
    "version": "3.00b32",
    "vendor": "D-Link",
    "ai_description": "Buffer overflow vulnerability in D-Link DIR-825 due to manipulation of the NewPortMappingDescription argument in the AddPortMapping function of the miniupnpd component.",
    "ai_severity": "High",
    "ai_vendor": "D-Link",
    "ai_product": "DIR-825",
    "ai_version": "3.00b32",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply