CVE-2025-3538Improper Restriction of Operations within the Bounds of a Memory Buffer in D-link Di-8100

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write4 documents4 sources
Severity
8.7HIGHNVD
EPSS
2.4%
top 14.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
D-link Di-8100Dlink Di-8100 Firmware
Timeline
PublishedApr 13
Latest updateApr 14

Description

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5d-link/di-810016.07.26A1
NVDdlink/di-8100_firmware16.07.26a1

🔴Vulnerability Details

2
GHSA
GHSA-w9rr-95wc-r9jf: A vulnerability was found in D-Link DI-8100 162025-04-13
CVEList
D-Link DI-8100 jhttpd auth.asp auth_asp stack-based overflow2025-04-13

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS D-Link DI-8100 auth.asp callback Parameter Buffer Overflow Attempt (CVE-2025-3538)2025-04-14
CVE-2025-3538 — D-link Di-8100 vulnerability | cvebase