PT-2025-40913 · D-Link · DI-7100G C1

Sheratan · Published 2025-10-06 · Updated 2025-11-19 · CVE-2025-11339

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

D-Link DI-7100G C1 versions up to 20250928

Description

A flaw exists in the jhttpd component of D-Link DI-7100G C1. The issue is due to a buffer overflow in the sub_4BD4F8 function within the /webchat/hi_block.asp file. The popupId argument can be manipulated to trigger this overflow, allowing for remote exploitation. The exploit has been publicly disclosed.

Recommendations

Versions up to 20250928 should be updated. As a temporary workaround, consider restricting access to the /webchat/hi_block.asp file. Avoid using the popupId argument in the affected file until the issue is resolved.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-12877
CVE-2025-11339

Affected Products

DI-7100G C1