CVE-2025-3785

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions D-Link DWR-M961 version 1.1.36

Description A critical vulnerability has been found in the Authorization Interface component of the D-Link DWR-M961, affecting the file /boafrm/formStaticDHCP. The manipulation of the Hostname argument leads to a stack-based buffer overflow. This issue can be initiated remotely.

Recommendations For version 1.1.36, upgrade to version 1.1.49 to address this issue. As a temporary workaround, consider restricting access to the vulnerable component until the upgrade is applied.

Exploit

Fix

Stack Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-119

Related Identifiers

BDU:2025-04749

CVE-2025-3785

Affected Products

D-Link Dwr-M961

CVE-2025-3785

Weakness Enumeration

Related Identifiers

Affected Products

References · 15