Multiple Adobe Commerce and Magento Vulnerabilities
May 26, 2025DOUBLELOADER Malware Evades Detection with ALCATRAZ – Active IOCs
May 26, 2025Multiple Adobe Commerce and Magento Vulnerabilities
May 26, 2025DOUBLELOADER Malware Evades Detection with ALCATRAZ – Active IOCs
May 26, 2025Severity
High
Analysis Summary
CVE-2025-25891 CVSS:7.5
D-Link DSL-3782 is vulnerable to a buffer overflow, caused by improper bounds checking. By sending a specially crafted packet, a remote attacker could overflow a buffer and cause the application to crash.
CVE-2025-25892 CVSS:9.8
D-Link DSL-3782 is vulnerable to a buffer overflow, caused by improper bounds checking for sstartip, sendip, dstartip, and dendip parameters. By sending a specially crafted packet, a remote attacker could overflow a buffer and cause the application to crash.
CVE-2025-25893 CVSS:9.8
D-Link DSL-3782 could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. By sending a specially-crafted request in the inIP, insPort, inePort, exsPort, exePort, and protocol parameters, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2025-25894 CVSS:9.8
D-Link DSL-3782 could allow a remote attacker to execute arbitrary commands on the system, caused by a OS command injection vulnerability. By sending a specially crafted request in the samba_wg and samba_nbn parameters, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2025-25895 CVSS:9.8
D-Link DSL-3782 could allow a remote attacker to execute arbitrary commands on the system, caused by a OS command injection vulnerability. By sending a specially crafted request in the public_type parameters, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2025-25896 CVSS:9.8
D-Link DSL-3782 is vulnerable to a buffer overflow, caused by improper bounds checking for destination, netmask, and gateway parameters . By sending a specially crafted packet, a remote attacker could overflow a buffer and cause the application to crash.
Impact
- Buffer Overflow
- Gain Access
Indicators of Compromise
CVE
CVE-2025-25891
CVE-2025-25892
CVE-2025-25893
CVE-2025-25894
CVE-2025-25895
CVE-2025-25896
Affected Vendors
- D-Link
Affected Products
- D-Link DSL-3782 1.01
Remediation
Refer to the D-Link Website for patch, upgrade, or suggested workaround information.