AI description
CVE-2025-7206 is a critical vulnerability found in D-Link DIR-825 version 2.10. It affects the `httpd` component, specifically the `switch_language.cgi` file. The vulnerability lies in the `sub_410DDC` function, where manipulating the `Language` argument can lead to a stack-based buffer overflow. The attack can be initiated remotely without requiring any user interaction. By sending an HTTP POST request to `switch_language.cgi` with an oversized language parameter, an attacker can overflow the local stack frame. This can crash the device's HTTP server, potentially disrupting VPNs, guest Wi-Fi, and IoT device management. The affected products are no longer supported by the maintainer.
- Description: A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub_410DDC of the file switch_language.cgi of the component httpd. The manipulation of the argument Language leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
- Source: cna@vuldb.com
- NVD status: Analyzed
- CNA Tags: unsupported-when-assigned
CVSS 4.0
- Type: Secondary
- Base score: 8.9
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
CVSS 2.0
- Type: Secondary
- Base score: 10
- Impact score: 10
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C
- cna@vuldb.com: CWE-119
- Hype score: Not currently trending
⚠️Vulnerability in D-Link DIR-825 ❗CVE-2025-7206 ➡️More info: https://t.co/exs9DHLI6E https://t.co/GVANhqZrt1
@CERTpy
17 Jul 2025
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical buffer overflow vulnerability in D-Link DIR-825 (CVE-2025-7206) | Security News https://t.co/u59mSpcskN #izumino_trend
@sec_trend
15 Jul 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-7206 (CVSS:8.9, CRITICAL) is Awaiting Analysis. A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the functio..https://t.co/QnJkY9Kob1 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
14 Jul 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical flaw (CVE-2025-7206, CVSS 9.8) in D-Link DIR-825 firmware 2.10 allows unauthenticated remote buffer overflow, crashing the web interface. #DLinkSecurity #RouterHack #Cybersecurity https://t.co/6TNbTwYPiU
@the_yellow_fall
10 Jul 2025
104 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-7206(CVSS 9.8) allows remote attackers to crash the router’s web interface without authentication 🎯47K+ Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link:https://t.co/nc6U4IBQSX FOFA Query:app="D_Link-DIR-825" https://t.co/W
@fofabot
10 Jul 2025
5029 Impressions
12 Retweets
39 Likes
18 Bookmarks
2 Replies
2 Quotes
⚠️⚠️ CVE-2025-7206(CVSS 9.8) allows remote attackers to crash the router’s web interface without authentication — potentially paving the way for remote code execution or denial-of-service attacks. 🎯47K+ Results are found on the https://t.co/pb16tGYaKe nearly ye
@fofabot
10 Jul 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-7206 A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub_410DDC of the file switch_language.cgi of … https://t.co/XUTIJpznB8
@CVEnew
9 Jul 2025
161 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-7206 Stack-Based Buffer Overflow in D-Link DIR-825 2.10 Httpd via Language Parameter https://t.co/CvfhwpJQmG
@VulmonFeeds
9 Jul 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-825_firmware:2.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91763FB3-3AF0-4ABA-AC10-DEBC464621DF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7038F8A9-03F3-4442-B371-84801EF05447"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]