CVE-2025-11338 | D-Link DI-7100G C1 up to 20250928 jhttpd /webchat/login.cgi sub_4C0990 openid buffer overflow

Inserito da Angelo Barbosa | Ott 5, 2025 | CVE

A vulnerability described as critical has been identified in D-Link DI-7100G C1 up to 20250928. This vulnerability affects the function sub_4C0990 of the file /webchat/login.cgi of the component jhttpd. Executing manipulation of the argument openid can lead to buffer overflow.

This vulnerability is registered as CVE-2025-11338. It is possible to launch the attack remotely. Furthermore, an exploit is available.

CVE-2025-11338 | D-Link DI-7100G C1 up to 20250928 jhttpd /webchat/login.cgi sub_4C0990 openid buffer overflow

Post correlati

CVE-2024-32866 | edmundhung conform up to 1.1.0 parseWith prototype pollution (GHSA-624g-8qjg-8qxf)

CVE-2024-28825 | Checkmk up to 2.0.0p39/2.1.0p42/2.2.0p25/2.3.0b4 excessive authentication

CVE-2024-0268 | Kashipara Hospital Management System up to 1.0 registration.php name/email/pass/gender/age/city sql injection

CVE-2023-6324 | ThroughTek Kalay SDK up to 3.1.10.16/3.3.6.1/3.4.7.3/4.3.3.1 PSK Identity uninitialized variable