CVE-2025-3538

Sažetak

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used.

Reference

https://github.com/Fizz-L/CVE1/blob/main/DI-8100Command%20execution2.md
https://vuldb.com/?ctiid.304577
https://vuldb.com/?id.304577
https://vuldb.com/?submit.524224
https://www.dlink.com/

CVSS

Base:	8.3
Impact:	10.0
Exploitability:	6.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:A/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

15-04-2025 - 18:39

Objavljeno

13-04-2025 - 19:15