CVE-2025-4544

Sažetak

A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd. The manipulation of the argument def_max/def_time/def_tcp_max/def_tcp_time/def_udp_max/def_udp_time/def_icmp_max leads to stack-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult.

Reference

https://github.com/Yhuanhuan01/DI-8100_Vulnerability_Report/blob/main/Vulnerability_Report.md
https://vuldb.com/?ctiid.308291
https://vuldb.com/?id.308291
https://vuldb.com/?submit.562695
https://www.dlink.com/

CVSS

Base:	6.8
Impact:	10.0
Exploitability:	3.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	MULTIPLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:H/Au:M/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-05-2025 - 19:15

Objavljeno

11-05-2025 - 19:15