CVE-2025-11338

Name of the Vulnerable Software and Affected Versions D-Link DI-7100G C1 versions up to 20250928

Description A buffer overflow issue exists in the jhttpd component of D-Link DI-7100G C1. The issue is located in the sub 4C0990 function of the /webchat/login.cgi file. Manipulation of the openid argument can trigger the buffer overflow, allowing for remote code execution. The exploit for this issue has been published.

Recommendations Versions up to 20250928 should be updated to a newer, secure version when available. As a temporary workaround, consider restricting access to the /webchat/login.cgi file to minimize the risk of exploitation. Avoid manipulating the openid argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.