CVE-2025-1876
Published: 03 March 2025
Summary
CVE-2025-1876 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dap-1562 Firmware. Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 19.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Deeper analysis
A critical stack-based buffer overflow vulnerability designated CVE-2025-1876 affects the D-Link DAP-1562 wireless access point running firmware version 1.10. The flaw resides in the http_request_parse function within the HTTP Header Handler component, where improper handling of the Authorization argument allows an attacker to overflow a stack buffer. The issue is tracked under CWE-119, CWE-121, and CWE-787 and carries a CVSS 4.0 score of 6.9.
An unauthenticated remote attacker can exploit the vulnerability by sending a crafted HTTP request containing an oversized Authorization header. Successful exploitation grants the ability to corrupt memory and potentially execute arbitrary code or cause a denial of service on the affected device. The exploit code has already been made public.
Because the DAP-1562 is an end-of-life product no longer supported by D-Link, no official patches or firmware updates are available. The vendor’s site and public vulnerability databases list the device as unsupported, leaving owners with only network-level controls or device replacement as options.
EPSS remains flat at 0.0140 with no material increase since disclosure, indicating limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5570
Vulnerability details
A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The…
more
attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the public-facing HTTP header handler (http_request_parse) of D-Link DAP-1562 access point, triggered remotely without authentication via Authorization header manipulation, enables exploitation of a public-facing application for initial access.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly validates the Authorization header input in HTTP requests to prevent stack-based buffer overflows from malformed or oversized data.
Implements memory protections like stack canaries and address space randomization to mitigate exploitation of stack-based buffer overflows even if invalid input reaches the parser.
Mandates retirement, replacement, or isolation of end-of-life unsupported devices like the D-Link DAP-1562 to eliminate exposure to unpatchable critical vulnerabilities with public exploits.