CVE-2025-7911CRITICAL 9.8EPSS p66.5%

CVE-2025-7911CVE-2025-7911

Description

A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhttpd. The manipulation of the argument remove_ext_proto/remove_ext_port leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS1.29% probability of exploitation · percentile 66.5% · 2026-06-18T12:00:27Z
Published2025-07-20
Last modified2025-08-08

Underlying weaknesses· 2

CWE-119CWE-121

References

  1. https://github.com/buobo/bo-s-CVE/blob/main/DI-8100/upnp_ctrl_asp.md
  2. https://vuldb.com/?ctiid.317026
  3. https://vuldb.com/?id.317026
  4. https://vuldb.com/?submit.618640
  5. https://vuldb.com/?submit.618641
  6. https://www.dlink.com/
  7. https://github.com/buobo/bo-s-CVE/blob/main/DI-8100/upnp_ctrl_asp.md

2

TypeTargetConfidenceTier
WeaknessImproper Restriction of Operations within the Bounds of a Memory Buffercwe-1190%live
WeaknessStack-based Buffer Overflowcwe-1210%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-7908
CVE
CVE-2025-7194
CVE
CVE-2025-3538
CVE
CVE-2025-5228
CVE
CVE-2025-6881
CVE
CVE-2025-11339
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.