Dir 825 Firmware
CVE-2021-29296
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched
AnalysisAI
Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched Affected products include: Dlink Dir-825 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.
More in Dir 825 Firmware
View allA vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the functio
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. Rated
CVE-2025-6292 is a critical stack-based buffer overflow vulnerability in D-Link DIR-825 routers (version 2.03 and potent
CVE-2025-6291 is a critical stack-based buffer overflow vulnerability in D-Link DIR-825 firmware version 2.03, exploitab
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 8.8), this vulnerability is remo
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 8.8), this vulnerability is remo
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 8.8), this vulnerability is remo
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 8.8), this vulnerability is remo
A security flaw has been discovered in D-Link DIR-825 up to 2.10. Rated high severity (CVSS 7.4), this vulnerability is
D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is r
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DI
A vulnerability was found in D-Link DIR-825 1.08.01. Rated high severity (CVSS 7.4), this vulnerability is remotely expl
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today