CVE-2025-4843

HIGH

D-Link DCS-932L 2.18.01 - Stack-Based Buffer Overflow in udev SubUPnPCSInit

Title source: llm

Description

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. This affects the function SubUPnPCSInit of the file /sbin/udev. The manipulation of the argument CameraName leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.309309

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.309309

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.574926

Exploit exploit

https://github.com/BeaCox/IoT_vuln/tree/main/D-Link/DCS-932L/udev_bof

View Exploit ZIP pw:eip

Product product

https://www.dlink.com/

Scores

CVSS v3 8.8

EPSS 0.0102

EPSS Percentile 59.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-119 CWE-121 CWE-787

Status published

Products (1)

dlink/dcs-932l_firmware 2.18.01

Published May 18, 2025

Tracked Since Feb 18, 2026