CVE-2025-10779

Name of the Vulnerable Software and Affected Versions D-Link DCS-935L versions prior to 1.13.01

Description A stack-based buffer overflow issue exists in the sub 402280 function of the /HNAP1/ file. The issue is due to the manipulation of the HNAP AUTH/SOAPAction argument, which can allow a remote attacker to execute arbitrary code. The vulnerability is related to a flawed implementation of the strcpy() function, which copies data into a buffer without checking the size of the input. This allows an attacker to send a specially crafted POST request to trigger the overflow. The product is no longer supported by the maintainer.

Recommendations Versions prior to 1.13.01 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.