Cyber Posture

CVE-2026-7068

High

Published: 27 April 2026

Modified: 29 April 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0010 (27.4th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

Mitigating Controls (NIST 800-53 r5) AI

prevent

Prohibits use of end-of-support system components like the vulnerable D-Link DIR-825 firmware 3.00b32, directly preventing deployment of unpatchable devices.

prevent

Requires timely remediation of identified flaws such as this buffer overflow, mandating replacement or isolation of affected unsupported routers since no vendor patch exists.

prevent

Enforces boundary protection to monitor and control network traffic, blocking specially crafted NetBIOS packets from adjacent network attackers targeting the nmbd service.

Security Summary AI

CVE-2026-7068 is a stack-based buffer overflow vulnerability in the NMBD_process function within the sserver.c file of the nmbd component on D-Link DIR-825 routers running firmware version 3.00b32. This flaw, associated with CWE-119 and CWE-120, allows attackers on the local network to trigger the overflow by sending specially crafted packets to the NetBIOS Name Service. The vulnerability carries a CVSS v3.1 base score of 8.8, which falls in the High severity range.

Attackers on the adjacent network (AV:A) can exploit this vulnerability without authentication (PR:N) or user interaction (UI:N), leading to high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). Successful exploitation could enable arbitrary code execution, potentially allowing full compromise of the affected router, such as data theft, modification of configurations, or denial of service.

Advisories from sources like VulDB and a detailed Notion page confirm the exploit is publicly available and note that only end-of-support D-Link DIR-825 devices are affected, with no patches or updates provided by the vendor. The official D-Link website provides general product information but no specific mitigation for this issue.

The public availability of the exploit increases the risk of real-world abuse against legacy, unsupported routers still in use on local networks.

Details

CWE(s)

MITRE ATT&CK Enterprise Techniques AI

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

A stack-based buffer overflow in the NetBIOS Name Service (nmbd) on the router allows unauthenticated arbitrary code execution from the adjacent network, directly enabling exploitation of remote services.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
