Description
A vulnerability was found in D-Link DIR-825 1.08.01. It affects the function get_ping6_app_stat in the file ping6_response.cg of the httpd component. Manipulating the argument ping6_ipaddr results in a buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
References (5)
Product (product): https://www.dlink.com/
Third Party Advisory, VDB Entry (vdb-entry, technical-description): https://vuldb.com/?id.322750
Permissions Required, VDB Entry (signature, permissions-required): https://vuldb.com/?ctiid.322750
Third Party Advisory, VDB Entry (third-party-advisory): https://vuldb.com/?submit.643978
Exploit, Third Party Advisory (exploit): https://github.com/Jjx-wy/D-Link/blob/main/D-Link%20DIR-825%202.10.pdf
Scores
CVSS v3: 8.8
EPSS: 0.0020
EPSS Percentile: 41.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-119, CWE-120
Status: published
Products (1): dlink/dir-825_firmware 1.08.01
Published: Sep 06, 2025
Tracked Since: Feb 18, 2026