CVE-2025-5572

Name of the Vulnerable Software and Affected Versions D-Link DCS-932L version 2.18.01

Description A critical vulnerability was found in the D-Link DCS-932L, affecting the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to a stack-based buffer overflow. This issue can be exploited remotely and only affects products that are no longer supported by the maintainer.

Recommendations For D-Link DCS-932L version 2.18.01, as a temporary workaround, consider disabling the setSystemEmail function until a patch is available. Restrict access to the /setSystemEmail file to minimize the risk of exploitation. Avoid using the EmailSMTPPortNumber argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.