PT-2025-28737 · D Link · D-Link Di-500Wf

Bluescat · Published 2025-07-01 · Updated 2025-07-09 · CVE-2025-7194

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: D-Link DI-500WF version 17.04.10A1T

Description: A critical issue affects the sprintf function of the ip_position.asp file in the jhttpd component. Manipulation of the ip argument leads to a stack-based buffer overflow. This issue can be exploited remotely. An exploit has been publicly disclosed and may be utilized.

Recommendations: For D-Link DI-500WF version 17.04.10A1T, as a temporary workaround, consider restricting access to the ip_position.asp file or disabling the jhttpd component until a patch is available. Avoid using the ip argument in the affected ip_position.asp file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Stack Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-09907
CVE-2025-7194

Affected Products

D-Link Di-500Wf