CVE-2025-7762
Published: 17 July 2025
Summary
CVE-2025-7762 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Di-8100 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 42.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Flaw remediation directly addresses the stack-based buffer overflow by applying vendor patches or updates to the vulnerable D-Link DI-8100 firmware.
Information input validation in the HTTP Request Handler prevents buffer overflows by ensuring proper bounds checking on inputs to /menu_nat_more.asp.
Memory protection mechanisms like stack canaries and ASLR mitigate exploitation of the stack-based buffer overflow even if invalid input reaches the handler.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in public-facing HTTP handler (/menu_nat_more.asp) on network device directly enables remote exploitation of the exposed web interface.
NVD Description
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07.26A1. This issue affects some unknown processing of the file /menu_nat_more.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The attack may…
more
be initiated remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7762 is a critical stack-based buffer overflow vulnerability (CWE-119, CWE-121) in the D-Link DI-8100 router running firmware version 16.07.26A1. The flaw affects an unknown processing function within the HTTP Request Handler component, specifically triggered by manipulation of the /menu_nat_more.asp file.
The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with an overall CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The exploit has been publicly disclosed and may be used by attackers.
Advisories on VulDB (ctiid.316757, id.316757, submit.615796) and a GitHub repository provide details on the vulnerability, including proof-of-concept exploit information for the /menu_nat_more.asp endpoint. The D-Link website is referenced as a source, though specific patch or mitigation guidance is not detailed in the available references.
Details
- CWE(s)