Critical D-Link Vulnerability Lets Remote Attackers Crash Servers Without Authentication
Posted: Sun Jul 13, 2025 2:05 pm
Security researchers have discovered a critical stack-based buffer overflow vulnerability in D-Link DIR-825 Rev.B 2.10 routers that allows remote attackers to crash servers without requiring authentication.
The vulnerability, designated as CVE-2025-7206, affects the router’s httpd binary and can be exploited by manipulating the language parameter in the switch_language.cgi script.
This flaw poses significant risks to network infrastructure, as attackers can cause denial-of-service conditions by sending specially crafted requests to vulnerable devices.
https://gbhackers.com/critical-d-link-vulnerability/
The vulnerability, designated as CVE-2025-7206, affects the router’s httpd binary and can be exploited by manipulating the language parameter in the switch_language.cgi script.
This flaw poses significant risks to network infrastructure, as attackers can cause denial-of-service conditions by sending specially crafted requests to vulnerable devices.
https://gbhackers.com/critical-d-link-vulnerability/