Severity: 7.4 HIGH
EPSS: 0.6% (top 31.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 6

Description

A flaw has been found in D-Link DI-7100G C1 up to 20250928. This vulnerability affects the function sub_4C0990 of the file /webchat/login.cgi of the component jhttpd. Manipulation of the argument openid can lead to a buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages: 2 packages

CVEListV5: d-link/di-7100g_c1 20250928

🔴Vulnerability Details

2
GHSA: GHSA-x6g7-m7rx-fv2h: A flaw has been found in D-Link DI-7100G C1 up to 20250928 (2025-10-06)
CVEList: D-Link DI-7100G C1 jhttpd login.cgi sub_4C0990 buffer overflow (2025-10-06)

🔍Detection Rules

1
Suricata: ET WEB_SPECIFIC_APPS D-Link hi_block.asp Multiple Parameters Buffer Overflow Attempt (CVE-2025-11338, CVE-2025-11339) (2025-10-06)
CVE-2025-11338 (HIGH CVSS 7.4) | A flaw has been found in D-Link DI- | cvebase.io