CVE-2025-1103

Severity
7.1 HIGH
EPSS
8.7%
top 7.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 7
Latest update: Dec 22

Description

A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages: 2 packages

CVEListV5: d-link/dir-823x 240126, 240802 +1
NVD: dlink/dir-823x_firmware 240126, 240802 +1

🔴Vulnerability Details

3
OSV
locking/spinlock/debug: Fix data-race in do_raw_write_lock (2025-12-22)
GHSA
GHSA-244c-33wx-j66j: A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802 (2025-02-07)
CVEList
D-Link DIR-823X HTTP POST Request set_wifi_blacklists null pointer dereference (2025-02-07)

📋Vendor Advisories

1
Red Hat
kernel: locking/spinlock/debug: Fix data-race in do_raw_write_lock (2025-12-22)