PT-2025-16178 · D Link · D-Link Di-8100
Fizzl
·
Published
2025-03-20
·
Updated
2025-04-17
·
CVE-2025-3538
CVSS v4.0
8.7
High
| Vector | AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
D-Link DI-8100 version 16.07.26A1
Description:
A critical issue affects the function
auth asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to a stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used.Recommendations:
For D-Link DI-8100 version 16.07.26A1, as a temporary workaround, consider disabling the
auth asp function until a patch is available. Restrict access to the vulnerable module jhttpd to minimize the risk of exploitation. Avoid using the parameter callback in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Memory Corruption
Stack Overflow
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
D-Link Di-8100