D-Link DIR-825 Buffer Overflow Vulnerability in NetBIOS Name Service Daemon

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the D-Link DIR-825 router running firmware version 3.00b32. This issue arises in the NetBIOS Name Service daemon (nmbd), specifically within the NMBD_process function of the sserver.c file. The vulnerability allows for an out-of-bounds write by copying unvalidated packet data from NetBIOS name queries on UDP port 137 into a fixed-size stack buffer. As a result, an attacker on the local network can exploit this vulnerability to crash the service and potentially execute arbitrary code, depending on the runtime environment and available mitigations.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, which can cause the service to crash and may allow for arbitrary code execution, depending on the device's runtime environment and security mitigations in place.

Added: Apr 27, 2026, 12:21 AM

Updated: Apr 27, 2026, 12:21 AM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

5.7

remediation

0.0

relevance

6.8

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

5.7

remediation

0.0

relevance

6.8

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

D-Link DIR-825 Buffer Overflow Vulnerability in NetBIOS Name Service Daemon

Vulnerability

Impact

Affected Products

D-Link DIR-825

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating