CVE-2025-11408
Published: 07 October 2025
Summary
CVE-2025-11408 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Di-7001Mini-8G Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 37.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires input validation at entry points like the 'str' argument in /dbsrv.asp, directly preventing buffer overflow exploitation by rejecting malformed inputs.
SI-2 mandates timely remediation of identified flaws such as this buffer overflow in D-Link firmware, eliminating the vulnerability through patching.
SI-16 enforces memory protections like stack guards and non-executable regions that mitigate successful buffer overflow exploitation even if input validation fails.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in the web interface (/dbsrv.asp) of D-Link router firmware, remotely exploitable with low privileges (PR:L), enabling arbitrary code execution and system compromise on a public-facing network device.
NVD Description
A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit…
more
has been disclosed publicly and may be used.
Deeper analysisAI
CVE-2025-11408 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting the D-Link DI-7001 MINI firmware version 24.04.18B1. The issue resides in an unknown function within the /dbsrv.asp file, where manipulation of the 'str' argument triggers the overflow. Published on 2025-10-07, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), marking it as high severity.
Attackers require low privileges (PR:L) to exploit this remotely over the network with low complexity and no user interaction. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system compromise on the affected device.
Advisories on VulDB (ctiid.327345, id.327345) and a related submission detail the vulnerability, while the D-Link website provides general support resources. A proof-of-concept exploit has been publicly disclosed on GitHub (DavCloudz/cve/issues/5) and may be actively used.
Details
- CWE(s)