CVE-2025-5228

Sažetak

A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpd_get_parm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used.

Reference

https://github.com/xubeining/Cve_report/blob/main/The%20D-Link%20DI-8100%20contains%20a%20binary%20vulnerability.md
https://vuldb.com/?ctiid.310326
https://vuldb.com/?id.310326
https://vuldb.com/?submit.583430
https://www.dlink.com/

CVSS

Base:	8.3
Impact:	10.0
Exploitability:	6.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:A/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

28-05-2025 - 15:01

Objavljeno

27-05-2025 - 04:15