CVE-2025-5228

CWE-119 — Buffer Overflow CWE-121 — Stack-based Buffer Overflow3 documents3 sources

Severity

8.7HIGH

EPSS

1.6%

top 18.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Di-8100 Firmware D-link Di-8100

Timeline

PublishedMay 27

Description

A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpd_get_parm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDdlink/di-8100_firmware20250523

▶CVEListV5d-link/di-810020250523

🔴Vulnerability Details

GHSA

GHSA-2g2q-92qg-99wf: A vulnerability was found in D-Link DI-8100 up to 20250523↗2025-05-27

▶

CVEList

D-Link DI-8100 jhttpd login.cgi httpd_get_parm stack-based overflow↗2025-05-27

▶