CVE-2025-4544

D-Link DI-8100 jhttpd ddos.asp stack-based overflow

CVSS 7.5 HIGHEPSS 6.5%CWE-119 CWE-121

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 6.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

11 May 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd. The manipulation of the argument def_max/def_time/def_tcp_max/def_tcp_time/def_udp_max/def_udp_time/def_icmp_max leads to stack-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult.

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

D-Link · DI-8100

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/Yhuanhuan01/DI-8100_Vulnerability_Report/blob/main/Vulnerability_Report.md https://vuldb.com/?ctiid.308291 https://vuldb.com/?id.308291 https://vuldb.com/?submit.562695 https://www.dlink.com/