D-Link DI-7100G Buffer Overflow Vulnerability Allowing Denial-of-Service or Arbitrary Code Execution

Vulnerability

A buffer overflow vulnerability has been identified in the D-Link DI-7100G router, specifically in the jhttpd service's sub_451754 function. This vulnerability arises from the viav4 parameter, where an excessively long string can lead to a stack overflow. The issue allows attackers to cause a denial-of-service condition or execute arbitrary code on the device.

Impact

Exploitation of this vulnerability can lead to a stack-based buffer overflow, allowing for arbitrary code execution or causing a denial-of-service condition on the device.

Reproduction

The vulnerability can be reproduced by sending a crafted HTTP GET request to the '/dbsrv.asp' endpoint. The request must include an excessively long 'str' parameter, which will trigger the buffer overflow in the jhttpd service.
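
The request pattern described above can be turned into a log check. The following Python is an added example, not part of the original advisory or any vendor code; it scans access logs in Common Log Format for GET requests to /dbsrv.asp whose str or viav4 value exceeds a length threshold. The 256-character threshold, the log format, and the sample lines are assumptions, since the advisory gives no buffer size.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/dbsrv.asp"       # endpoint named in the advisory
WATCHED = {"str", "viav4"}    # parameter names named in the advisory
MAX_LEN = 256                 # assumed threshold; the advisory gives no buffer size

# Common Log Format: client address first, request line in the first quoted field.
LOG_RE = re.compile(r'^(\S+) .*?"(\S+) (\S+)[^"]*"')

def scan(lines):
    """Return (client, parameter, decoded_length) for each oversized watched parameter."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log entry
        client, method, target = m.groups()
        try:
            url = urlsplit(target)
        except ValueError:
            continue  # malformed request target
        if method.upper() != "GET" or url.path.lower() != ENDPOINT:
            continue
        # parse_qsl percent-decodes, so the length checked is the decoded value length
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() in WATCHED and len(value) > MAX_LEN:
                findings.append((client, name, len(value)))
    return findings

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [23/Sep/2025:19:01:02 +0000] "GET /dbsrv.asp?str=lan HTTP/1.1" 200 512',
    '198.51.100.7 - - [23/Sep/2025:19:03:44 +0000] "GET /dbsrv.asp?str='
    + "A" * 600 + ' HTTP/1.1" 400 0',
    '192.0.2.10 - - [23/Sep/2025:19:05:10 +0000] "GET /index.asp?str='
    + "B" * 600 + ' HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for client, name, length in scan(SAMPLE):
        print(f"ALERT {client}: {ENDPOINT} parameter {name!r} is {length} chars")
```

Set MAX_LEN from the longest value seen in legitimate management traffic so that routine requests do not alert.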

Added: Sep 23, 2025, 7:20 PM
Updated: Sep 23, 2025, 7:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 10.0
exploitability: 9.1
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.