What critical vulnerability was found in D-Link DIR-825 routers?

Security researchers are reporting a critical buffer overflow vulnerability tracked as CVE-2025-7206 (CVSS score 9.3) in D-Link DIR-825 routers that enables remote attackers to cause denial-of-service conditions without authentication.

Who discovered the D-Link DIR-825 vulnerability?

The flaw was discovered by security researcher iC0rner (Mingjie Liang) who identified the buffer overflow condition in the router's language parameter processing.

Which D-Link router versions are affected by CVE-2025-7206?

The vulnerability affects D-Link DIR-825 Rev.B 2.10 firmware versions. These are older router models that are no longer supported by the manufacturer.

Do attackers need authentication to exploit this D-Link vulnerability?

No, the vulnerability enables remote attackers to cause denial-of-service conditions without authentication, making it particularly dangerous as no credentials are required to exploit the flaw.

How serious is the CVE-2025-7206 vulnerability?

The vulnerability has a CVSS score of 9.3, making it a critical severity issue that can cause denial-of-service conditions and crash the router's web service remotely without authentication.

Are patches available for the D-Link DIR-825 vulnerability?

Unfortunately, the vulnerability affects products that are no longer supported by the maintainer, meaning no security patches will be released to fix this critical flaw.

What should users do to protect their D-Link DIR-825 routers?

Users should isolate the web interface of the router from any public networks and consider replacing the router with a supported model since no patches are available for this end-of-life product.

What happens when the D-Link vulnerability is successfully exploited?

When successfully exploited, the vulnerability triggers memory corruption and causes the device's web service to crash, resulting in a denial-of-service condition that affects the router's web management interface.

Why is this D-Link vulnerability particularly concerning?

This vulnerability is particularly concerning because it affects end-of-life products that will not receive security patches, requires no authentication to exploit, has a critical CVSS score of 9.3, and can be triggered remotely to crash the router's web service.

What component of the D-Link router contains the vulnerability?

The vulnerability exists in the router's httpd binary, specifically in the language parameter processing logic that handles requests through the switch_language.cgi script and stores values in nvram.

Advisory

Critical buffer overflow flaw reported in D-Link DIR-825 routers

Q: What causes the CVE-2025-7206 vulnerability in D-Link routers?

The vulnerability is caused by insufficient input validation in the router's httpd binary when processing language parameters through the switch_language.cgi script, allowing attackers to trigger memory corruption and crash the device's web service.

published: July 11, 2025

Take action: If you have a D-Link DIR-825 router, isolate its web interface from any public networks and block external access since this model is no longer supported with security updates. Consider replacing the router since it won't be getting any patches. And other flaws will be found.

Learn More

Security researchers are reporting a critical buffer overflow vulnerability in D-Link DIR-825 routers that enables remote attackers to cause denial-of-service conditions without authentication.

The vulnerability is tracked as CVE-2025-7206 (CVSS score 9.3) and is caused by insufficient input validation in the router's httpd binary when processing language parameters through the switch_language.cgi script, allowing attackers to trigger memory corruption and crash the device's web service.

Attackers can submit a malicious language parameter via the switch_language.cgi script. This value gets stored in nvram through the router's configuration management system. Subsequently, when users access any ASP page containing specific script tags that reference language-dependent JavaScript files, the router retrieves the stored language value and processes it through multiple parsing functions, triggering a buffer overflow condition, causing the web service to crash.

The flaw was discovered by security researcher iC0rner (Mingjie Liang). It affects D-Link DIR-825 Rev.B 2.10 firmware versions. Unfortunately, the vulnerability affects products that are no longer supported by the maintainer. Users should isolate the web interface of the router from any public networks, and consider replacing the router.

Critical buffer overflow flaw reported in D-Link DIR-825 routers

Read More
Critical N-able N-central vulnerabilities actively exploited
SmarterTools Patches Critical Unauthenticated RCE and Active Exploits …
Juniper J-Web Junos OS Vulnerabilities Combined in Cybercrime …
Critical flaws reported in end-of-life D-Link DIR-816 routers
Critical command injection vulnerabilities in TP-Link Omada Gateways …