{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-11339","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-10-05T22:09:06.624Z","datePublished":"2025-10-06T16:32:09.380Z","dateUpdated":"2025-10-06T17:16:06.762Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-10-06T16:32:09.380Z"},"title":"D-Link DI-7100G C1 jhttpd hi_block.asp sub_4BD4F8 buffer overflow","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-120","lang":"en","description":"Buffer Overflow"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-119","lang":"en","description":"Memory Corruption"}]}],"affected":[{"vendor":"D-Link","product":"DI-7100G C1","versions":[{"version":"20250928","status":"affected"}],"modules":["jhttpd"]}],"descriptions":[{"lang":"en","value":"A vulnerability has been found in D-Link DI-7100G C1 up to 20250928. This issue affects the function sub_4BD4F8 of the file /webchat/hi_block.asp of the component jhttpd. The manipulation of the argument popupId leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"In D-Link DI-7100G C1 up to 20250928 wurde eine Schwachstelle gefunden. Es betrifft die Funktion sub_4BD4F8 der Datei /webchat/hi_block.asp der Komponente jhttpd. Dank der Manipulation des Arguments popupId mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgeführt werden. Die Schwachstelle wurde öffentlich offengelegt und könnte ausgenutzt werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":8.7,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","baseSeverity":"HIGH"}},{"cvssV3_1":{"version":"3.1","baseScore":8.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":9,"vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-10-05T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-10-06T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-10-06T17:33:32.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"sheratan (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.327222","name":"VDB-327222 | D-Link DI-7100G C1 jhttpd hi_block.asp sub_4BD4F8 buffer overflow","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.327222","name":"VDB-327222 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.664635","name":"Submit #664635 | D-Link DI-7100G C1 Buffer Overflow","tags":["third-party-advisory"]},{"url":"https://www.yuque.com/jh0ng/vmpda6/zr11zfssl8h74bn3","tags":["related"]},{"url":"https://www.yuque.com/jh0ng/vmpda6/zr11zfssl8h74bn3#Wjajr","tags":["exploit"]},{"url":"https://www.dlink.com/","tags":["product"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-06T17:00:37.173521Z","id":"CVE-2025-11339","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-06T17:16:06.762Z"}}]}}