CVE-2025-10666

HIGH

D-Link DIR-825 Firmware < 2.10 - Buffer Overflow via apply.cgi countdown_time Argument

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-10666. PoCs published by Beatriz Fresno Naumova.

AI-analyzed exploit summary: This PoC exploits a stack-based buffer overflow in D-Link DIR-825 Rev.B routers via the 'countdown_time' parameter in apply.cgi, causing a DoS by sending an overly long payload.

Description

A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdown_time results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This vulnerability only affects products that are no longer supported by the maintainer.

Exploits (1)

exploitdb WORKING POC
by Beatriz Fresno Naumova · python · hardware · multiple
https://www.exploit-db.com/exploits/52469

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: D-Link DIR-825 Rev.B firmware <= 2.10
No auth needed
Prerequisites: Network access to the router's web interface · Router must be running vulnerable firmware
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Exploit, Third Party Advisory
https://www.exploit-db.com/exploits/52469
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.324787
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.324787
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.652047
Product product
https://www.dlink.com/

Scores

CVSS v3 8.8
EPSS 0.0304
EPSS Percentile 85.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-119, CWE-120
Status published
Products (1)
dlink/dir-825_firmware < 2.10
Published Sep 18, 2025
Tracked Since Feb 18, 2026