| Title | D-Link DIR-825 C1_FW3.00b32 Buffer Overflow |
|---|
| Description | A stack-based buffer overflow exists in the `miniupnpd` implementation used by D-Link DIR-825. The issue is reachable through the LAN-side UPnP SOAP interface during `AddPortMapping` processing.
An attacker on the local network can send a crafted `AddPortMapping` request with an oversized `NewPortMappingDescription` value. When the request updates an existing port mapping, the description is written to a fixed-size stack buffer via `sprintf()` without length validation, leading to memory corruption. |
|---|
| Source | ⚠️ https://tzh00203.notion.site/D-Link-DIR-825-miniupnpd-AddPortMapping-Stack-Overflow-337b5c52018a8028988ecc9daded409e |
|---|
| User | tian (UID 93438) |
|---|
| Submission | 04/07/2026 13:06 (20 days ago) |
|---|
| Moderation | 04/26/2026 09:38 (19 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 359644 [D-Link DIR-825 up to 3.00b32 miniupnpd upnpsoap.c AddPortMapping NewPortMappingDescription buffer overflow] |
|---|
| Points | 17 |
|---|