Which versions of D-Link DIR-825 are affected by CVE-2026-7069?

D-Link DIR-825 routers contain a buffer overflow vulnerability in the UPnP service that allows authenticated network attackers to completely compromise affected devices.

Is there a public PoC exploit available for CVE-2026-7069?

Yes, a public proof-of-concept exploit is available for CVE-2026-7069. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-7069?

Within 24 hours: Inventory all DIR-825 routers in your network and document firmware versions. Within 7 days: Disable UPnP/miniupnpd service on all DIR-825 devices via administrative interface, or isolate affected routers to restricted network segments with no sensitive traffic. Within 30 days: Execute equipment replacement plan to migrate DIR-825 routers to current D-Link models or alternative vendors receiving active security updates; DIR-825 is end-of-life and will not receive patches.

D-Link DIR-825 CVE-2026-7069

Q: What is the CVSS score of CVE-2026-7069?

CVE-2026-7069 has a CVSS 4.0 base score of 7.3 (High). CVSS vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-25744 HIGH

Classic Buffer Overflow (CWE-120)

2026-04-27 VulDB

Buffer Overflow D-Link

7.3

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.3 HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 30, 2026 - 14:08 vuln.today

Public exploit code

Analysis Updated

Apr 29, 2026 - 01:29 vuln.today

v2 (cvss_changed)

CVSS changed

Apr 29, 2026 - 01:12 NVD

8.6 (HIGH) 7.3 (HIGH)

Re-analysis Queued

Apr 27, 2026 - 19:07 vuln.today

cvss_changed

Analysis Generated

Apr 27, 2026 - 00:29 vuln.today

CVSS changed

Apr 27, 2026 - 00:22 NVD

8.0 (HIGH) 8.6 (HIGH)

EUVD ID Assigned

Apr 27, 2026 - 00:15 euvd

EUVD-2026-25744

Analysis Generated

Apr 27, 2026 - 00:15 vuln.today

CVE Published

Apr 27, 2026 - 00:00 nvd

HIGH 7.3

DescriptionCVE.org

A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within the local network. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Buffer overflow in D-Link DIR-825 router's miniupnpd service allows authenticated adjacent network attackers to achieve complete device compromise through malicious UPnP SOAP requests. Affects DIR-825 firmware versions up to 3.00b32, which D-Link no longer supports. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Gain adjacent network access

Delivery

Authenticate to LAN

Exploit

Discover UPnP service on router

Install

Send crafted AddPortMapping SOAP request

Trigger buffer overflow in miniupnpd

Execute

Overwrite stack return address

Impact

Execute arbitrary code as root

Recon

Gain adjacent network access

Delivery

Authenticate to LAN

Exploit

Discover UPnP service on router

Install

Send crafted AddPortMapping SOAP request

Trigger buffer overflow in miniupnpd

Execute

Overwrite stack return address

Impact

Execute arbitrary code as root

Vulnerability AssessmentAI

Exploitation	Attacker must have adjacent network access (AV:A), meaning physical presence on the same network segment as the vulnerable router via WiFi association or wired Ethernet connection. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	Real-world risk is compartmentalized by attack surface constraints despite high technical impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker who has gained access to the local network (either by compromising a workstation on the LAN, connecting to the WiFi with valid credentials, or physically accessing an Ethernet port) crafts a malicious UPnP SOAP request targeting the router's miniupnpd service. The attacker sends an AddPortMapping command with an oversized NewPortMappingDescription parameter, triggering the stack-based buffer overflow in upnpsoap.c. …
Remediation	No vendor-released patch exists or will be developed as D-Link has ended support for the DIR-825 product line. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all DIR-825 routers in your network and document firmware versions. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-12174 HIGH This Week POC

7.4 Jun 13

Format string vulnerability in the D-Link DCS-935L 1.10.01 IP camera allows authenticated remote attackers to corrupt me

CVE-2026-7069 vulnerability details – vuln.today

Back