CVE-2025-11339
Published: 06 October 2025
Summary
CVE-2025-11339 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Di-7100G C1 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 33.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly validates the popupId argument in the /webchat/hi_block.asp file to prevent buffer overflow from malformed inputs.
Implements memory protections such as DEP and ASLR to mitigate exploitation of buffer overflows in the jhttpd component.
Ensures timely remediation of the buffer overflow flaw in D-Link DI-7100G firmware up to 20250928 through patching.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in the remotely accessible web interface (/webchat/hi_block.asp) of the D-Link DI-7100G router enables exploitation of a public-facing application for initial access.
NVD Description
A vulnerability has been found in D-Link DI-7100G C1 up to 20250928. This issue affects the function sub_4BD4F8 of the file /webchat/hi_block.asp of the component jhttpd. The manipulation of the argument popupId leads to buffer overflow. The attack can be…
more
initiated remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-11339 is a buffer overflow vulnerability affecting the D-Link DI-7100G C1 router with firmware versions up to 20250928. The issue resides in the sub_4BD4F8 function within the /webchat/hi_block.asp file of the jhttpd component, where manipulation of the popupId argument triggers the overflow. This flaw, linked to CWE-119 and CWE-120, was published on 2025-10-06 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity.
The vulnerability enables remote exploitation by an attacker with low privileges, requiring network access but no user interaction or complex conditions. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, potentially allowing arbitrary code execution on the affected device.
Advisories and details are available via VulDB entries at https://vuldb.com/?ctiid.327222, https://vuldb.com/?id.327222, and https://vuldb.com/?submit.664635, alongside the D-Link website at https://www.dlink.com/ and a related disclosure at https://www.yuque.com/jh0ng/vmpda6/zr11zfssl8h74bn3; however, specific patch or mitigation guidance is not detailed in the core vulnerability report.
The exploit has been publicly disclosed and may be actively used, heightening risks for unpatched D-Link DI-7100G C1 devices exposed to the internet.
Details
- CWE(s)