D-Link DIR-825 EUVD-2026-25744

| CVE-2026-7069 HIGH
Classic Buffer Overflow (CWE-120)
2026-04-27 VulDB
Buffer Overflow D-Link
7.3
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
Apr 29, 2026 - 01:29 vuln.today
v2 (cvss_changed)
CVSS changed
Apr 29, 2026 - 01:12 NVD
8.6 (HIGH) 7.3 (HIGH)
Re-analysis Queued
Apr 27, 2026 - 19:07 vuln.today
cvss_changed
Analysis Generated
Apr 27, 2026 - 00:29 vuln.today
CVSS changed
Apr 27, 2026 - 00:22 NVD
8.0 (HIGH) 8.6 (HIGH)

DescriptionNVD

A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within the local network. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Buffer overflow in D-Link DIR-825 router's miniupnpd service allows authenticated adjacent network attackers to achieve complete device compromise through malicious UPnP SOAP requests. Affects DIR-825 firmware versions up to 3.00b32, which D-Link no longer supports. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all DIR-825 routers in your network and document firmware versions. Within 7 days: Disable UPnP/miniupnpd service on all DIR-825 devices via administrative interface, or isolate affected routers to restricted network segments with no sensitive traffic. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-7248 HIGH
8.9 Apr 28

Remote code execution in D-Link DI-8100 router firmware 16.07.26A1 allows unauthenticated attackers to compromise the de
CVE-2026-6947 HIGH
8.7 Apr 24

Brute-force protection bypass in D-Link DWM-222W USB Wi-Fi Adapter allows remote unauthenticated attackers to perform un
CVE-2026-7068 HIGH
7.4 Apr 27

Stack-based buffer overflow in D-Link DIR-825 firmware 3.00b32's nmbd NetBIOS service allows adjacent network attackers

CVE-2026-7288 HIGH
7.4 Apr 28

Buffer overflow in D-Link DIR-825M 1.1.12 router allows authenticated remote attackers to achieve high-severity code exe
CVE-2026-7289 HIGH
7.4 Apr 28

Remote authenticated attackers can execute arbitrary code on D-Link DIR-825M routers (firmware 1.1.12) by sending specia

Share

EUVD-2026-25744 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy