CVE-2025-7603
BaseFortify

Publication date: 2025-07-14

Last updated on: 2025-07-16

Assigner: VulDB

Description
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. Affected is an unknown function of the file /jingx.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Meta Information
Published: 2025-07-14
Last Modified: 2025-07-16
Generated: 2026-05-07
AI Q&A: 2025-07-14
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs

| Vendor | Product | Version / Range |
|--------|---------|-----------------|
| dlink | di-8100_firmware | 16.07.26a1 |
| dlink | di-8100 | * |
CWE
CWE-119: The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-7603 is a critical stack-based buffer overflow vulnerability in the D-Link DI-8100 router firmware version 16.07.26A1. It exists in the jingx_asp function of the HTTP Request Handler component, specifically in the /jingx.asp file. The vulnerability occurs due to improper input handling that allows an attacker to overflow a buffer on the stack by sending specially crafted HTTP requests remotely. This flaw can cause the router to crash or become unresponsive. [1, 2]


How can this vulnerability impact me?

This vulnerability can be exploited remotely to cause a Denial of Service (DoS) by crashing the router or making it unresponsive. Additionally, because it is a stack-based buffer overflow, it may potentially compromise the confidentiality, integrity, and availability of the affected system. Exploitation requires some level of authentication but is considered easy to execute, and public exploits are available. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking for the presence of the /jingx.asp endpoint on D-Link DI-8100 routers running firmware version 16.07.26A1. One method is to use HTTP requests targeting the /jingx.asp path to see if the device responds, indicating potential vulnerability. Additionally, attackers use Google dorking with the query "inurl:jingx.asp" to identify vulnerable targets. Network scanning tools or curl commands can be used to probe the endpoint. For example, to check with curl whether the endpoint exists and responds:

    curl -I http://<target-ip>/jingx.asp

Monitoring for unusual crashes or DoS conditions on the router may also indicate exploitation attempts. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

No known mitigations or countermeasures have been documented for this vulnerability. The suggested immediate step is to replace the affected D-Link DI-8100 device with an alternative product. Until a patch or fix is available, limiting access to the device and monitoring for exploitation attempts may help reduce risk. [2]

