Description
A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within the local network. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-04-27
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Network Remote Code Execution via buffer overflow
Action: Patch Immediately
AI Analysis

Impact

A buffer overflow exists in the AddPortMapping function of miniupnpd’s upnpsoap.c. When an attacker sends a specially crafted NewPortMappingDescription argument, the vulnerable buffer overflows, potentially allowing execution of arbitrary code on the device. The flaw maps to CWE‑119 and CWE‑120 and requires an attacker to be on the same local network to trigger the exploit. This could lead to a full compromise of the router’s firmware and loss of confidentiality, integrity, and availability.

Affected Systems

D‑Link DIR‑825 routers running firmware versions up to 3.00b32, which are no longer supported. No other vendors or products are reported to be affected.

Risk and Exploitability

The CVSS score of 8.6 classifies this vulnerability as high severity. EPSS is less than 1%, indicating a low estimated probability of exploitation, but public exploits have been released and could be leveraged in environments where an attacker can reach the device over the local network. The vulnerability is not listed in CISA’s Known Exploited Vulnerabilities catalog, yet the combination of a high severity score and local network reachability makes it a significant risk for unattended or exposed devices.

Generated by OpenCVE AI on April 28, 2026 at 13:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any firmware update released by D‑Link for the DIR‑825 that addresses the AddPortMapping buffer overflow. If no update is available, consider replacing the device with a supported model that has no known vulnerability.
  • Disable UPnP or the miniupnpd service on the router so that the AddPortMapping function is not reachable, or restrict which local network segments can reach the UPnP port.
  • Configure network segmentation or firewall rules to block inbound traffic to the UPnP port (usually UDP 1900) from untrusted subnets, so that devices on those subnets cannot reach the vulnerable service.


Advisories

No advisories yet.

History

Thu, 30 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dir-825
Dlink dir-825 Firmware
CPEs cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-825_firmware:3.00b32:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dir-825
Dlink dir-825 Firmware

Mon, 27 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dir-825
Vendors & Products D-link
D-link dir-825

Mon, 27 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 27 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within the local network. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
Title D-Link DIR-825 miniupnpd upnpsoap.c AddPortMapping buffer overflow
Weaknesses CWE-119
CWE-120
References
Metrics cvssV2_0

{'score': 7.7, 'vector': 'AV:A/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-27T13:30:27.953Z

Reserved: 2026-04-26T07:38:01.719Z

Link: CVE-2026-7069

Vulnrichment

Updated: 2026-04-27T13:11:03.798Z

NVD

Status: Analyzed

Published: 2026-04-27T00:16:21.237

Modified: 2026-04-30T14:08:48.790

Link: CVE-2026-7069

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T13:15:31Z

Weaknesses