Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

D-Link DI-7100G C1 Buffer Overflow Vulnerability in jhttpd Web Component

Vulnerability

Exploited

A buffer overflow vulnerability has been identified in the D-Link DI-7100G C1 router, affecting firmware versions prior to 20250928. The issue arises in the jhttpd web component, specifically within the function sub_4BD4F8 of the file /webchat/hi_block.asp. The vulnerability can be exploited remotely by manipulating the popupId argument.

Impact

Exploitation of this vulnerability leads to a buffer overflow, which can commonly result in arbitrary code execution or causing the device to crash.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the /webchat/hi_block.asp endpoint, including a popupId argument that exceeds the buffer size, causing a buffer overflow condition.

Added: Oct 6, 2025, 5:36 PM

Updated: Oct 6, 2025, 5:36 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

9.4

remediation

0.0

relevance

0.6

threat

8.0

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

9.4

remediation

0.0

relevance

0.6

threat

8.0

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

D-Link DI-7100G C1 Buffer Overflow Vulnerability in jhttpd Web Component

Vulnerability

Impact

Reproduction

Affected Products

D-Link DI-7100G C1

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating