CVE Alert: CVE-2025-11339 - D-Link - DI-7100G C1

CVE-2025-11339

HIGHNo exploitation known

A vulnerability has been found in D-Link DI-7100G C1 up to 20250928. This issue affects the function sub_4BD4F8 of the file /webchat/hi_block.asp of the component jhttpd. The manipulation of the argument popupId leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS v3.1 (8.8)

Vendor

D-Link

Product

DI-7100G C1

Versions

20250928

CWE

CWE-120, Buffer Overflow

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Published

2025-10-06T16:32:09.380Z

Updated

2025-10-06T17:16:06.762Z

References

https://vuldb.com/?id.327222

https://vuldb.com/?ctiid.327222

https://vuldb.com/?submit.664635

https://www.yuque.com/jh0ng/vmpda6/zr11zfssl8h74bn3

https://www.yuque.com/jh0ng/vmpda6/zr11zfssl8h74bn3#Wjajr

https://www.dlink.com/

AI Summary Analysis

Risk verdict

High risk due to remote buffer overflow in jhttpd with publicly disclosed exploit; exploitation can occur without user interaction.

Why this matters

The vulnerability enables remote code execution on the device, potentially yielding full control, data exposure, and disruption of network services. In environments where DI-7100G C1 provides gateway or management access, an attacker could pivot to other network assets and impair business continuity.

Most likely attack path

Attack begins with a crafted request to /webchat/hi_block.asp using a manipulated popupId, exploiting a memory corruption flaw. No user interaction is required and the attacker needs only low privileges on the device to trigger the flaw; successful exploitation yields high-impact C/I/A damage. Given AV:N and UI:N, exploitation is straightforward from remote locations if the device is reachable from the attacker’s network, increasing lateral-movement risk within exposed network segments.

Who is most exposed

Devices deployed in SMB/branch networks with exposed management interfaces or default/weak access controls are particularly at risk; environments using this legacy D-Link gateway/voice-access setup are most vulnerable.

Detection ideas

Unusual spikes in processor load or crashes tied to /webchat/hi_block.asp requests
Repeated or malformed requests targeting popupId parameters in jhttpd logs
Memory corruption indicators: abnormal core dumps, reboot loops, or service restarts
IDS/IPS signatures for known PoC patterns related to this CVE
Anomalous authentication attempts to the device’s management interface

Mitigation and prioritisation

Apply vendor patch/firmware update (20250928 or newer) as a priority as soon as available
Disable or restrict remote management exposure; implement network segmentation and allow management only from trusted nets
Enforce strong access controls and rotate credentials; monitor for unusual admin activity
If patching is delayed, implement compensating controls: firewall rules, WAF/IPS where feasible, and strict egress monitoring
Change-management: schedule a patch window, test in a staging segment, and verify post-update health
Treat as priority 1 if KEV or EPSS ≥ 0.5 is confirmed through authoritative feeds (not assumed here)

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee

Patreon

To keep up to date follow us on the below channels.

Tags: CVE, cve-2025-11339, d-link, di-7100g-c1, OSINT, threatintel

CVE Alert: CVE-2025-11339 – D-Link – DI-7100G C1