Primary

Context

D-Link DIR-825 Buffer Overflow Vulnerability in apply.cgi

Vulnerability

A buffer overflow vulnerability has been identified in the D-Link DIR-825 router, specifically in the Rev.B 2.10 firmware. The issue arises in the apply.cgi file, within the sub_4106d4 function, where the countdown_time parameter is manipulated, leading to a stack overflow. This vulnerability can be exploited remotely and affects devices that are no longer supported by the manufacturer.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can potentially be leveraged to execute arbitrary code or cause a denial-of-service condition on the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the apply.cgi endpoint with a crafted countdown_time parameter. The payload must be sufficiently long to exceed the buffer capacity, causing a stack overflow.

Added: Sep 18, 2025, 1:19 PM

Updated: Sep 18, 2025, 4:23 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.5

threat

6.5

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.5

threat

6.5

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

D-Link DIR-825 Buffer Overflow Vulnerability in apply.cgi

Vulnerability

Impact

Reproduction

Affected Products

D-Link DIR-825

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating