CVE-2025-3785

CWE-119 — Buffer Overflow CWE-121 — Stack-based Buffer Overflow4 documents4 sources

Severity

8.7HIGH

EPSS

0.8%

top 26.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dwr-m961 Dlink Dwr-m961 Firmware

Timeline

PublishedApr 18

Description

A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formStaticDHCP of the component Authorization Interface. The manipulation of the argument Hostname leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.49 is able to address this issue. It is recommended to upgrade the affected component.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5d-link/dwr-m9611.1.36

▶NVDdlink/dwr-m961_firmware1.1.36

🔴Vulnerability Details

GHSA

GHSA-w7x5-wj8r-qp32: A vulnerability has been found in D-Link DWR-M961 1↗2025-04-18

▶

CVEList

D-Link DWR-M961 Authorization Interface formStaticDHCP stack-based overflow↗2025-04-18

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS D-Link DWR-M961/Totolink N150RT formStaticDHCP buffer overflow (CVE-2025-3785, CVE-2025-3989)↗2025-04-18

▶