{ "id": "CVE-2025-1539", "sourceIdentifier": "cna@vuldb.com", "published": "2025-02-21T15:15:12.830", "lastModified": "2025-02-25T20:29:38.367", "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "cna@vuldb.com", "tags": [ "unsupported-when-assigned" ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00. Affected by this issue is the function replace_special_char of the file /storagein.pd-XXXXXX. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer." }, { "lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en D-Link DAP-1320 1.00. Este problema afecta a la funci\u00f3n replace_special_char del archivo /storagein.pd-XXXXXX. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante." } ], "metrics": { "cvssMetricV40": [ { "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED" } } ], "cvssMetricV31": [ { "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "baseScore": 9.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE" }, "baseSeverity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "cna@vuldb.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-119" }, { "lang": "en", "value": "CWE-121" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-787" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:dlink:dap-1320_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD16A696-CC8A-489B-9930-DC3457FEF2E8" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:dlink:dap-1320:-:*:*:*:*:*:*:*", "matchCriteriaId": "87CC92EB-3439-4FD1-9439-8DFF5D8BCDB8" } ] } ] } ], "references": [ { "url": "https://legacy.us.dlink.com/pages/product.aspx?id=4b2bbe2e3f1d440ea65bc56c7e3dcc5c", "source": "cna@vuldb.com", "tags": [ "Product" ] }, { "url": "https://tasty-foxtrot-3a8.notion.site/D-link-DAP-1320-replace_special_char-Vulnerability-1960448e6195809c94f9fd2ff1f59bcf?pvs=4", "source": "cna@vuldb.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://vuldb.com/?ctiid.296480", "source": "cna@vuldb.com", "tags": [ "Permissions Required" ] }, { "url": "https://vuldb.com/?id.296480", "source": "cna@vuldb.com", "tags": [ "Permissions Required" ] }, { "url": "https://vuldb.com/?submit.497496", "source": "cna@vuldb.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.dlink.com/", "source": "cna@vuldb.com", "tags": [ "Product" ] } ] }