CVE 8.7 HIGH

D-Link DIR-825 nmbd sserver.c NMBD_process buffer overflow_CVE-2026-7068

April 26, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

AI Analysis

Buffer overflow vulnerability in D-Link DIR-825 3.00b32 via the NMBD_process function in the sserver.c component of the nmbd service, allowing local network attackers to execute arbitrary code.

Basic Information

ID CVE-2026-7068

Source VulDB

Published Apr 26, 2026 at 23:45

Affected Product

Vendor D-Link

Product DIR-825

Version 3.00b32

Affected Versions D-Link DIR-825 3.00b32

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor D-Link

Product DIR-825

Version 3.00b32

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.",
    "published": "2026-04-26T23:45:14.462Z",
    "modified": "2026-04-26T23:45:14.462Z",
    "type": "cve",
    "title": "D-Link DIR-825 nmbd sserver.c NMBD_process buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359643\nhttps://vuldb.com/vuln/359643/cti\nhttps://vuldb.com/submit/798646\nhttps://tzh00203.notion.site/D-Link-DIR-825-nmbd-NetBIOS-Name-Service-Stack-Based-Buffer-Overflow-337b5c52018a80cea1e8d56689928114\nhttps://www.dlink.com/",
    "id": "CVE-2026-7068",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "D-Link DIR-825 3.00b32",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DIR-825",
    "version": "3.00b32",
    "vendor": "D-Link",
    "ai_description": "Buffer overflow vulnerability in D-Link DIR-825 3.00b32 via the NMBD_process function in the sserver.c component of the nmbd service, allowing local network attackers to execute arbitrary code.",
    "ai_severity": "High",
    "ai_vendor": "D-Link",
    "ai_product": "DIR-825",
    "ai_version": "3.00b32",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply