CVE-2025-7911

High

Published: 20 July 2025

Published

20 July 2025

Modified

08 August 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0031 53.9th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7911 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Di-8100 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 46.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Flaw remediation requires timely patching of the stack-based buffer overflow in the jhttpd component's sprintf function to eliminate the vulnerability.

SI-10 Information Input Validation good match

prevent

Information input validation enforces bounds checking and sanitization of remove_ext_proto/remove_ext_port arguments before processing by sprintf, preventing the buffer overflow.

SI-16 Memory Protection good match

prevent

Memory protection mechanisms such as stack canaries, ASLR, and DEP directly mitigate exploitation of the stack-based buffer overflow for arbitrary code execution.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Stack-based buffer overflow in public-facing jhttpd web interface (/upnp_ctrl.asp) enables remote arbitrary code execution over the network.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhttpd. The manipulation of the argument remove_ext_proto/remove_ext_port leads to stack-based buffer overflow. The attack can be…

initiated remotely. The exploit has been disclosed to the public and may be used.

Deeper analysisAI

CVE-2025-7911 is a critical stack-based buffer overflow vulnerability affecting D-Link DI-8100 version 1.0. The flaw resides in the sprintf function within the /upnp_ctrl.asp file of the jhttpd component, triggered by manipulation of the arguments remove_ext_proto and remove_ext_port. It is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The vulnerability enables remote exploitation by an attacker with low privileges, requiring network access but no user interaction. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution through the buffer overflow.

Advisories referenced in VulDB entries (ctiid.317026, id.317026, submit.618640, submit.618641) and a GitHub repository (buobo/bo-s-CVE/blob/main/DI-8100/upnp_ctrl_asp.md) disclose a public exploit, providing technical details for security practitioners to review for mitigation strategies.

The exploit has been publicly disclosed, increasing the risk of active exploitation against unpatched D-Link DI-8100 devices.

Details

CWE(s): CWE-119 CWE-121

Affected Products

dlink

di-8100 firmware

1.0

CVEs Like This One

CVE-2026-7851Same product: Dlink Di-8100

CVE-2025-7790Same product: Dlink Di-8100

CVE-2025-7908Same product: Dlink Di-8100

CVE-2025-7762Same product: Dlink Di-8100

CVE-2026-7247Same product: Dlink Di-8100

CVE-2026-7854Same product: Dlink Di-8100

CVE-2026-7248Same product: Dlink Di-8100

CVE-2026-7853Same product: Dlink Di-8100

CVE-2026-7857Same product: Dlink Di-8100

CVE-2026-7856Same product: Dlink Di-8100

References

https://github.com/buobo/bo-s-CVE/blob/main/DI-8100/upnp_ctrl_asp.md
Broken Link · cna@vuldb.com
https://vuldb.com/?ctiid.317026
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.317026
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.618640
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.618641
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.dlink.com/
Product · cna@vuldb.com
https://github.com/buobo/bo-s-CVE/blob/main/DI-8100/upnp_ctrl_asp.md
Broken Link · 134c704f-9b21-4f2e-91b3-4a467353bcc0