SB2025022119 - Multiple vulnerabilities in D-Link DIR-823

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025022119

SB2025022119 - Multiple vulnerabilities in D-Link DIR-823

Published: February 21, 2025

Security Bulletin ID SB2025022119
Severity
High
Patch available
NO
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Stack-based buffer overflow (CVE-ID: CVE-2025-25740)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the PSK parameter in the SetQuickVPNSettings module. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Stack-based buffer overflow (CVE-ID: CVE-2025-25745)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the Password parameter in the SetQuickVPNSettings module. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Stack-based buffer overflow (CVE-ID: CVE-2025-25741)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the IPv6_PppoePassword parameter in the SetIPv6PppoeSettings module. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


4) Stack-based buffer overflow (CVE-ID: CVE-2025-25742)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the AccountPassword parameter in the SetSysEmailSettings module. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


5) OS Command Injection (CVE-ID: CVE-2025-25743)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the SetVirtualServerSettings module.. A remote attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


6) Stack-based buffer overflow (CVE-ID: CVE-2025-25744)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the Password parameter in the SetDynamicDNSSettings module. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


7) Stack-based buffer overflow (CVE-ID: CVE-2025-25746)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the Password parameter in the SetWanSettings module. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References