Cyber Posture

CVE-2025-1103

Medium · Public PoC

Published: 07 February 2025

Modified: 21 May 2025
KEV Added
Patch
CVSS Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0960 (92.9th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Description

A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Security Summary

CVE-2025-1103 is a problematic vulnerability in D-Link DIR-823X routers running firmware versions 240126 and 240802. It resides in the set_wifi_blacklists function within the file /goform/set_wifi_blacklists of the HTTP POST Request Handler component. The flaw is triggered by manipulating the macList argument, resulting in a null pointer dereference (CWE-404, CWE-476).

A remote attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. The CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) reflects a high availability impact through device crash or denial of service, with no effects on confidentiality or integrity.

Advisories reference a detailed Notion page on the vulnerability, multiple VULDB entries including submission details, and the D-Link website. The exploit has been publicly disclosed and may be used by attackers.

Details

CWE(s)
CWE-404, CWE-476

Affected Products

dlink
dir-823x firmware
240126, 240802
