Vulnerability Details CVE-2025-4544
A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd. The manipulation of the argument def_max/def_time/def_tcp_max/def_tcp_time/def_udp_max/def_udp_time/def_icmp_max leads to stack-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.1%
CVSS Severity
CVSS v3 Score 6.6
CVSS v2 Score 6.8
References
- https://github.com/Yhuanhuan01/DI-8100_Vulnerability_Report/blob/main/Vulnerability_Report.md
- https://vuldb.com/?ctiid.308291
- https://vuldb.com/?id.308291
- https://vuldb.com/?submit.562695
- https://www.dlink.com/
- https://github.com/Yhuanhuan01/DI-8100_Vulnerability_Report/blob/main/Vulnerability_Report.md
Products affected by CVE-2025-4544
-
cpe:2.3:h:dlink:di-8100:-
-
cpe:2.3:o:dlink:di-8100_firmware:16.07
-
cpe:2.3:o:dlink:di-8100_firmware:16.07.26
-
cpe:2.3:o:dlink:di-8100_firmware:16.07.26a1