CVE-2025-4544

Name of the Vulnerable Software and Affected Versions D-Link DI-8100 versions up to 16.07.26A1

Description A critical issue affects the processing of the file /ddos.asp of the component jhttpd. The manipulation of the arguments def max, def time, def tcp max, def tcp time, def udp max, def udp time, def icmp max leads to a stack-based buffer overflow. The attack may be initiated remotely, with a rather high complexity and difficult exploitation.

Recommendations For D-Link DI-8100 versions up to 16.07.26A1, as a temporary workaround, consider restricting access to the /ddos.asp file of the jhttpd component until a patch is available. Avoid manipulating the arguments def max, def time, def tcp max, def tcp time, def udp max, def udp time, def icmp max in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.