CVE-2026-7069
HIGHD-Link DIR-825 miniupnpd upnpsoap.c AddPortMapping buffer overflow
Title source: cnaDescription
A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within the local network. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
References (5)
Scores
CVSS v3
8.0
EPSS
0.0004
EPSS Percentile
13.0%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-119
CWE-120
Status
published
Products (1)
D-Link/DIR-825
3.00b32
Published
Apr 27, 2026
Tracked Since
Apr 27, 2026