- Description
- A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdown_time results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This vulnerability only affects products that are no longer supported by the maintainer.
- Source
- cna@vuldb.com
- NVD status
- Modified
- CNA Tags
- unsupported-when-assigned
- Products
- dir-825_firmware
CVSS 4.0
- Type
- Secondary
- Base score
- 7.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Secondary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
- Hype score
- Not currently trending
1.61 IoT pack : - Tapo C260. CVE-2026-0652 + CVE-2026-0653 - D-Link DIR-825 CVE-2025-10666 - MOVISTAR ADSL ROUTER + ABUS Security Camera + COMMAX Smart Home DVR minor vulns - Intelbras IWR 3000N 1.5.0 devices Dos - MESSOA NIC990 IP-Camera auth bypass configuration download
@ExCraft_labs
8 Apr 2026
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-10666: Stack buffer overflow in D-Link DIR-825 Rev.B (≤2.10) via apply.cgi countdown_time parameter causes DoS. https://t.co/thrCBXMBMv #Cybersecurity #CVE #DLink #BufferOverflow #RouterVulnerability #IoTSecurity #ExploitPoC #DoSAttack #LegacyDevices #ThreatIntel ht
@redsecuretech
3 Feb 2026
34 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-10666 A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of… https://t.co/Yp0QCcLJXE
@CVEnew
19 Sept 2025
311 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-10666: HIGH] Security flaw in D-Link DIR-825 up to 2.10 exposes buffer overflow risk in apply.cgi. Exploit allows remote attacks but only impacts unsupported products.#cve,CVE-2025-10666,#cybersecurity https://t.co/xqk16dyU8g https://t.co/G8XHUwKTub
@CveFindCom
18 Sept 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-825_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96FEFE46-E2FA-4240-AFBC-FFCB4D06819F",
"versionEndIncluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038F8A9-03F3-4442-B371-84801EF05447",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]