QwikSec

Security Database

CVE

CWE

Training

CVE-2025-4544

Published: May 11, 2025

Modified: May 12, 2025

PUBLISHED

CVSS v3.1

6.6

MEDIUM

Description

A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd. The manipulation of the argument def_max/def_time/def_tcp_max/def_tcp_time/def_udp_max/def_udp_time/def_icmp_max leads to stack-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult.

Vendor	Product	Versions
D-Link	DI-8100	affected `16.07.26A1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

VDB-308291 | D-Link DI-8100 jhttpd ddos.asp stack-based overflow

vdb-entry

technical-description

VDB-308291 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #562695 | D-Link DI-8100 DI-8100-16.07.26A1 Stack-based Buffer Overflow

third-party-advisory

https://github.com/Yhuanhuan01/DI-8100_Vulnerability_Report/blob/main/Vulnerability_Report.md

related

https://www.dlink.com/

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.