D-Link DIR-825 CVE-2026-7068

HIGH
Buffer Overflow (CWE-119)
2026-04-27 [email protected]
Buffer Overflow D-Link
7.4
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Updated
Apr 29, 2026 - 01:28 vuln.today
v2 (cvss_changed)
CVSS changed
Apr 29, 2026 - 01:12 NVD
8.7 (HIGH) 7.4 (HIGH)
Re-analysis Queued
Apr 27, 2026 - 19:07 vuln.today
cvss_changed
Analysis Generated
Apr 27, 2026 - 00:29 vuln.today

DescriptionNVD

A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Stack-based buffer overflow in D-Link DIR-825 firmware 3.00b32's nmbd NetBIOS service allows adjacent network attackers to achieve complete device compromise without authentication. Public exploit code exists (SSVC: POC confirmed), though EPSS probability remains low (0.03%, 7th percentile) indicating limited observed exploitation attempts. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify and inventory all D-Link DIR-825 devices running firmware 3.00b32 across the network. Within 7 days: Implement network segmentation to isolate affected routers from sensitive systems and restrict access to trusted networks only. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-7069 HIGH POC
7.3 Apr 27

Buffer overflow in D-Link DIR-825 router's miniupnpd service allows authenticated adjacent network attackers to achieve

CVE-2026-7248 HIGH
8.9 Apr 28

Remote code execution in D-Link DI-8100 router firmware 16.07.26A1 allows unauthenticated attackers to compromise the de
CVE-2026-6947 HIGH
8.7 Apr 24

Brute-force protection bypass in D-Link DWM-222W USB Wi-Fi Adapter allows remote unauthenticated attackers to perform un
CVE-2026-7288 HIGH
7.4 Apr 28

Buffer overflow in D-Link DIR-825M 1.1.12 router allows authenticated remote attackers to achieve high-severity code exe
CVE-2026-7289 HIGH
7.4 Apr 28

Remote authenticated attackers can execute arbitrary code on D-Link DIR-825M routers (firmware 1.1.12) by sending specia

Share

CVE-2026-7068 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy