Details of VAR-202503-0137

ID

VAR-202503-0137

CVE

CVE-2025-1876

TITLE

D-Link DAP-1562 Stack Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-04610

DESCRIPTION

A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DAP-1562 is a wireless bridge produced by D-Link of China. The vulnerability is caused by a stack buffer overflow in the HTTP Header Handler, which may lead to remote attacks. Attackers can use this vulnerability to execute arbitrary code on the device, resulting in damage to the confidentiality, integrity and availability of the device

Trust: 1.44

sources: NVD: CVE-2025-1876 // CNVD: CNVD-2025-04610

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-04610

AFFECTED PRODUCTS

vendor:

d link

model:

d-link dap-1562

scope:

version:

1.10

Trust: 0.6

sources: CNVD: CNVD-2025-04610

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-1876
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-04610
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-1876
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-04610
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-1876
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-04610 // NVD: CVE-2025-1876

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0

sources: NVD: CVE-2025-1876

EXTERNAL IDS

db:	NVD	id:	CVE-2025-1876	Trust: 1.6
db:	VULDB	id:	298190	Trust: 1.0
db:	CNVD	id:	CNVD-2025-04610	Trust: 0.6

sources: CNVD: CNVD-2025-04610 // NVD: CVE-2025-1876

REFERENCES

url:	https://vuldb.com/?submit.506106	Trust: 1.0
url:	https://www.dlink.com/	Trust: 1.0
url:	https://vuldb.com/?ctiid.298190	Trust: 1.0
url:	https://witty-maiasaura-083.notion.site/d-link-dap-1562-http_request_parse-vulnerability-1a4b2f2a636180a2a67de271ad5fe6d7	Trust: 1.0
url:	https://vuldb.com/?id.298190	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-1876	Trust: 0.6

sources: CNVD: CNVD-2025-04610 // NVD: CVE-2025-1876

SOURCES

db:	CNVD	id:	CNVD-2025-04610
db:	NVD	id:	CVE-2025-1876

LAST UPDATE DATE

2025-03-08T23:38:17.807000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-04610	date:	2025-03-07T00:00:00
db:	NVD	id:	CVE-2025-1876	date:	2025-03-04T17:15:14.313

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-04610	date:	2025-03-07T00:00:00
db:	NVD	id:	CVE-2025-1876	date:	2025-03-03T17:15:14.517