CVE Details
Basic Information
| Title | D-Link DI-8100 jhttpd login.cgi httpd_get_parm stack-based overflow |
|---|---|
| Type | cve |
| Published | 2025-05-27T03:00:11.847Z |
| Last Seen | |
Product Information
| Vendor | D-Link |
|---|---|
| Product | DI-8100 |
| Version | 20250523 |
CVSS Information
| Base Score | 8.7 (HIGH) |
|---|---|
| CVSS Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A stack-based buffer overflow vulnerability exists in the jhttpd component of D-Link DI-8100 routers up to version 20250523. The vulnerability is in the `httpd_get_parm` function within the `/login.cgi` file, triggered by manipulating the `notify` argument. This can lead to arbitrary code execution, but the attack is limited to the local network. The vulnerability has been publicly disclosed and may be exploited. |
|---|---|
| AI Severity | High |
| Vendor | D-Link |
| Product | DI-8100 |
| Affected Version | 20250523 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-121, CWE-119 |
| Bulletin Family | |
| Source Data | D-Link DI-8100 20250523 |
Description
A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpd_get_parm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used.