CVE-2025-1103

A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS v3 6.5 MEDIUM
CVSS v2.0 6.8 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:C

Exploitability : 8.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tasty-foxtrot-3a8.notion.site/D-link-DIR-823X-set_wifi_blacklists-Vulnerability-1870448e619580e5bf09cf628692f7a9?pvs=73	Exploit Third Party Advisory
https://vuldb.com/?ctiid.294933	Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.294933	Third Party Advisory VDB Entry
https://vuldb.com/?submit.489603	Third Party Advisory
https://www.dlink.com/	Product
https://tasty-foxtrot-3a8.notion.site/D-link-DIR-823X-set_wifi_blacklists-Vulnerability-1870448e619580e5bf09cf628692f7a9	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:dlink:dir-823x_firmware:240126:::::::*
	cpe:2.3:o:dlink:dir-823x_firmware:240802:::::::*

cpe:2.3:h:dlink:dir-823x:-:*:*:*:*:*:*:*

History

21 May 2025, 16:51

Type	Values Removed	Values Added
CPE		cpe:2.3:o:dlink:dir-823x_firmware:240802:::::::* cpe:2.3:o:dlink:dir-823x_firmware:240126:::::::* cpe:2.3:h:dlink:dir-823x:-:::::::*
References	~~() https://tasty-foxtrot-3a8.notion.site/D-link-DIR-823X-set_wifi_blacklists-Vulnerability-1870448e619580e5bf09cf628692f7a9?pvs=73 -~~	() https://tasty-foxtrot-3a8.notion.site/D-link-DIR-823X-set_wifi_blacklists-Vulnerability-1870448e619580e5bf09cf628692f7a9?pvs=73 - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.294933 -~~	() https://vuldb.com/?ctiid.294933 - Permissions Required, Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?id.294933 -~~	() https://vuldb.com/?id.294933 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.489603 -~~	() https://vuldb.com/?submit.489603 - Third Party Advisory
References	~~() https://www.dlink.com/ -~~	() https://www.dlink.com/ - Product
References	~~() https://tasty-foxtrot-3a8.notion.site/D-link-DIR-823X-set_wifi_blacklists-Vulnerability-1870448e619580e5bf09cf628692f7a9 -~~	() https://tasty-foxtrot-3a8.notion.site/D-link-DIR-823X-set_wifi_blacklists-Vulnerability-1870448e619580e5bf09cf628692f7a9 - Exploit, Third Party Advisory
First Time		Dlink Dlink dir-823x Firmware Dlink dir-823x
Summary		(es) En D-Link DIR-823X 240126/240802 se ha detectado una vulnerabilidad clasificada como problemática que afecta a la función set_wifi_blacklists del archivo /goform/set_wifi_blacklists del componente HTTP POST Request Handler. La manipulación del argumento macList provoca la desreferenciación de un puntero nulo. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse.

07 Feb 2025, 16:15

Type	Values Removed	Values Added
References		() https://tasty-foxtrot-3a8.notion.site/D-link-DIR-823X-set_wifi_blacklists-Vulnerability-1870448e619580e5bf09cf628692f7a9 -

07 Feb 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-07 15:15

Updated : 2025-05-21 16:51

NVD link : CVE-2025-1103

Mitre link : CVE-2025-1103

CVE.ORG link : CVE-2025-1103

JSON object : View

Products Affected

dlink

dir-823x_firmware
dir-823x

CWE

CWE-404

Improper Resource Shutdown or Release

CWE-476

NULL Pointer Dereference

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2025-1103

6.5^/10

6.8^/10

Attach tags to `CVE-2025-1103`