PT-2025-30223 · D-Link · DI-8100
Bazhuayu · Published 2025-07-18 · Updated 2025-07-21 · CVE-2025-7911
**Severity:**
9.0 (High)
**Base vector:**
AV:N/AC:L/Au:S/C:C/I:C/A:C
**Name of the Vulnerable Software and Affected Versions:**
D-Link DI-8100 version 1.0
**Description:**
A critical vulnerability exists in the `sprintf` function within the `jhttpd` component of D-Link DI-8100 version 1.0. Manipulation of the `remove_ext_proto`/`remove_ext_port` argument in the `/upnp_ctrl.asp` file leads to a stack-based buffer overflow. This issue can be exploited remotely, and the exploit has been publicly disclosed.
**Recommendations:**
D-Link DI-8100 version 1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Stack Overflow
Buffer Overflow