#VU112045 Stack-based buffer overflow in D-Link products - CVE-2025-5572

 


Published: June 30, 2025


Vulnerability identifier: #VU112045
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2025-5572
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software:
DCS-930L
DCS-931L
DCS-932L
DCS-933L
DCS-934L
DCS-935L
DCS-936L
DCS-940L
DCS-942L
DCS-5000L
DCS-960L
Software vendor:
D-Link

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the "setSystemEmail" function in the /setSystemEmail file. A remote user can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
