Dlink Dir-825 Firmware vulnerabilities

CVE-2025-10666 [HIGH] CWE-119 CVE-2025-10666: A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdown_time results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This vulnerability only affe

CVE-2025-10034 [HIGH] CWE-119 CVE-2025-10034: A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the argument ping6_ipaddr results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This vulnerability o

CVE-2025-8949 [HIGH] CWE-119 CVE-2025-8949: A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the functio A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument ping_ipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7206 [HIGH] CWE-119 CVE-2025-7206: A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub_410DDC of the file switch_language.cgi of the component httpd. The manipulation of the argument Language leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and

CVE-2025-6291 [HIGH] CWE-119 CVE-2025-6291: A vulnerability, which was classified as critical, was found in D-Link DIR-825 2.03. This affects th A vulnerability, which was classified as critical, was found in D-Link DIR-825 2.03. This affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only aff

CVE-2025-6292 [HIGH] CWE-119 CVE-2025-6292: A vulnerability has been found in D-Link DIR-825 2.03 and classified as critical. This vulnerability A vulnerability has been found in D-Link DIR-825 2.03 and classified as critical. This vulnerability affects the function sub_4091AC of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only

CVE-2024-0717 [MEDIUM] CWE-200 CVE-2024-0717: A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DI A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530,

CVE-2022-47035 [CRITICAL] CWE-120 CVE-2022-47035: Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker t Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.

CVE-2022-29332 [MEDIUM] CWE-22 CVE-2022-29332: D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../. D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server.

CVE-2021-29296 [HIGH] CWE-476 CVE-2021-29296: Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: T

CVE-2020-10213 [HIGH] CWE-78 CVE-2020-10213: An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.

CVE-2020-10214 [HIGH] CWE-787 CVE-2020-10214: An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server.

CVE-2020-10215 [HIGH] CWE-78 CVE-2020-10215: An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.

CVE-2020-10216 [HIGH] CWE-78 CVE-2020-10216: An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.