CVE-2025-7790
Published: 18 July 2025
Summary
CVE-2025-7790 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Di-8100 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 49.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly validates manipulated HTTP arguments (out_addr, in_addr, out_port, proto) to prevent stack-based buffer overflow in the /menu_nat.asp handler.
Implements memory protections such as stack canaries and non-executable stacks to mitigate stack-based buffer overflow exploitation.
Requires timely flaw remediation through firmware updates to eliminate the buffer overflow vulnerability in D-Link DI-8100 version 16.07.26A1.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the HTTP Request Handler (/menu_nat.asp) of a network device web interface directly enables remote exploitation for code execution (T1190).
NVD Description
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. This affects an unknown part of the file /menu_nat.asp of the component HTTP Request Handler. The manipulation of the argument out_addr/in_addr/out_port/proto leads to stack-based buffer overflow.…
more
It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7790 is a critical stack-based buffer overflow vulnerability in the HTTP Request Handler component of D-Link DI-8100 firmware version 16.07.26A1. The issue resides in an unknown part of the file /menu_nat.asp and is triggered by manipulating the arguments out_addr, in_addr, out_port, or proto. It is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), earning a CVSS v3.1 base score of 8.8.
The vulnerability can be exploited remotely over the network with low complexity and no user interaction required. Exploitation requires low privileges (PR:L), allowing authenticated users with minimal access to trigger the buffer overflow. Successful attacks can result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), potentially enabling remote code execution on the affected device.
Advisories from VulDB detail the vulnerability and reference a public exploit disclosure on GitHub, which includes a proof-of-concept for the /menu_nat.asp endpoint. No specific patches are mentioned in the provided references, though the D-Link website should be consulted for firmware updates. Security practitioners are advised to restrict access to the affected endpoint and monitor for exploitation attempts given the public availability of the exploit.
Details
- CWE(s)