CVE-2025-1103
Published: 07 February 2025
Summary
CVE-2025-1103 is a high-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Dlink Dir-823X Firmware. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 7.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability classified as problematic exists in the D-Link DIR-823X device running firmware versions 240126 or 240802. It resides in the set_wifi_blacklists function of the /goform/set_wifi_blacklists endpoint inside the HTTP POST Request Handler component. The flaw is triggered by improper handling of the macList argument, resulting in a null pointer dereference that maps to CWE-404 and CWE-476.
An attacker with low privileges can exploit the issue remotely by sending a crafted HTTP POST request. Successful exploitation produces a denial-of-service condition that affects device availability while leaving confidentiality and integrity untouched.
Publicly available references include a detailed disclosure on a Notion page, multiple VulDB entries, and the vendor site, yet none of the supplied sources describe available patches or specific mitigation steps. The associated EPSS score has remained low, reaching a modest peak of 0.1084 before receding to 0.0949.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2005
Vulnerability details
A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereference.…
more
It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Null pointer dereference in HTTP handler directly enables remote DoS via application/system exploitation (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly validates the macList argument in HTTP POST requests to the set_wifi_blacklists function, preventing malformed inputs from causing null pointer dereference.
Ensures null pointer errors from invalid macList manipulation are handled gracefully without resulting in device crashes or denial of service.
Provides timely remediation of the specific null pointer dereference flaw through firmware patching for affected D-Link DIR-823X routers.