Cyber Resilience

CVE-2025-1876

MediumPublic PoC

Published: 03 March 2025

Published
03 March 2025
Modified
21 May 2025
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0140 80.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1876 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dap-1562 Firmware. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 19.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).

Deeper analysis

A critical stack-based buffer overflow vulnerability designated CVE-2025-1876 affects the D-Link DAP-1562 wireless access point running firmware version 1.10. The flaw resides in the http_request_parse function within the HTTP Header Handler component, where improper handling of the Authorization argument allows an attacker to overflow a stack buffer. The issue is tracked under CWE-119, CWE-121, and CWE-787 and carries a CVSS 4.0 score of 6.9.

An unauthenticated remote attacker can exploit the vulnerability by sending a crafted HTTP request containing an oversized Authorization header. Successful exploitation grants the ability to corrupt memory and potentially execute arbitrary code or cause a denial of service on the affected device. The exploit code has already been made public.

Because the DAP-1562 is an end-of-life product no longer supported by D-Link, no official patches or firmware updates are available. The vendor’s site and public vulnerability databases list the device as unsupported, leaving owners with only network-level controls or device replacement as options.

EPSS remains flat at 0.0140 with no material increase since disclosure, indicating limited observed exploitation interest to date.

EU & UK References

Vulnerability details

A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The…

more

attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in the public-facing HTTP header handler (http_request_parse) of D-Link DAP-1562 access point, triggered remotely without authentication via Authorization header manipulation, enables exploitation of a public-facing application for initial access.

CVEs Like This One

CVE-2025-1877Same product: Dlink Dap-1562
CVE-2026-4184Same vendor: Dlink
CVE-2026-4181Same vendor: Dlink
CVE-2026-4183Same vendor: Dlink
CVE-2026-5212Same vendor: Dlink
CVE-2025-10779Same vendor: Dlink
CVE-2026-4211Same vendor: Dlink
CVE-2025-8184Same vendor: Dlink
CVE-2026-5213Same vendor: Dlink
CVE-2026-4182Same vendor: Dlink

Affected Assets

dlink
dap-1562 firmware
1.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates the Authorization header input in HTTP requests to prevent stack-based buffer overflows from malformed or oversized data.

prevent

Implements memory protections like stack canaries and address space randomization to mitigate exploitation of stack-based buffer overflows even if invalid input reaches the parser.

prevent

Mandates retirement, replacement, or isolation of end-of-life unsupported devices like the D-Link DAP-1562 to eliminate exposure to unpatchable critical vulnerabilities with public exploits.

References