CVE-2025-0492

HighPublic PoC

Published: 15 January 2025

Published

15 January 2025

Modified

24 September 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0086 75.1th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Affected by this vulnerability is the function FUN_00412244. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Security Summary

CVE-2025-0492 is a critical vulnerability affecting D-Link DIR-823X routers on firmware versions 240126 and 240802. The issue resides in the function FUN_00412244, where manipulation triggers a null pointer dereference, mapped to CWE-404 and CWE-476. Published on 2025-01-15, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Unauthenticated attackers can exploit this remotely with low complexity and no user interaction required. Exploitation leads to a denial of service through high availability disruption, with no impact on confidentiality or integrity.

VulDB advisories detail the vulnerability, including submission records, while the D-Link website serves as a reference for vendor information. The exploit has been publicly disclosed and may be used.

Details

CWE(s): CWE-404CWE-476

Affected Products

dlink

dir-823x firmware

240126, 240802

References

https://tasty-foxtrot-3a8.notion.site/D-link-DIR-823X-FUN_00412244-NULL-Pointer-Dereference-1730448e619580fcb7f9d871c6e7190a
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.291937
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.291937
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.475301
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.dlink.com/
Product · cna@vuldb.com