A vulnerability was found in D-Link DI-500WF 17.04.10A1T. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file ip_position.asp of the component jhttpd. The manipulation of the argument ip leads to stack-based buffer overflow.

This vulnerability is known as CVE-2025-7194. The attack can be launched remotely. Furthermore, there is an exploit available.