Vulnerability Database

302,032

Total vulnerabilities in the database

CVE-2025-3538

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used.

Published: Apr 13, 2025
Updated: Jul 17, 2025
CVE: CVE-2025-3538
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-119
CWE-121
CWE-787

Affected Software
References

Software	From	Fixed in
dlink / di-8100_firmware	16.07.26a1	16.07.26a1.x

https://github.com/Fizz-L/CVE1/blob/main/DI-8100Command%20execution2.md
https://vuldb.com/?ctiid.304577
https://vuldb.com/?id.304577
https://vuldb.com/?submit.524224
https://www.dlink.com/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo