CVE-2026-7289:
A remotely exploitable buffer overflow vulnerability exists in D-Link DIR-825M firmware version 1.1.12, triggered via the `submit-url` argument in the `sub_414BA8` function of `/boafrm/formWanConfigSetup`.
Score
A numerical rating that indicates how dangerous this vulnerability is.
8.8High- Published Date:Apr 28, 2026
- CISA KEV Date:*No Data*
- Industries Affected:20
Exploitability
- Score:2.8
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:LOW
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:5.9
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Description Preview
A remotely exploitable buffer overflow vulnerability exists in D-Link DIR-825M firmware version 1.1.12, triggered via the `submit-url` argument in the `sub_414BA8` function of `/boafrm/formWanConfigSetup`.
Overview
CVE-2026-7289 affects the D-Link DIR-825M router at firmware version 1.1.12 and presents a critical attack surface through its WAN configuration setup endpoint. The vulnerable function `sub_414BA8` in `/boafrm/formWanConfigSetup` fails to properly validate the length of the `submit-url` parameter before copying it into a fixed-size buffer, resulting in a classic stack or heap buffer overflow condition. The attack is network-accessible, requires only low-level authentication, and demands no user interaction, making it highly exploitable in environments where the device's web management interface is reachable. With a publicly available proof-of-concept exploit and a CVSS v3.1 score of 8.8, this vulnerability poses a high risk to affected deployments and could allow an attacker to achieve full remote code execution on the device.
Remediation
- At the time of publication, no official firmware patch from D-Link has been confirmed for this vulnerability. Users are strongly advised to monitor the D-Link security advisory page for firmware updates addressing CVE-2026-7289 and apply them immediately upon release. In the interim, administrators should restrict access to the router's web management interface by disabling remote management and limiting access to trusted internal hosts only. Where possible, placing the management interface behind a firewall or VPN will reduce exposure. Organizations should also consider replacing end-of-life D-Link devices that no longer receive security updates with actively supported alternatives.
References
- - [CVE-2026-7289 - NVD](https://nvd.nist.gov/vuln/detail/CVE-2026-7289)
- - [VulDB Entry 359947](https://vuldb.com/vuln/359947)
- - [VulDB CTI Entry 359947](https://vuldb.com/vuln/359947/cti)
- - [VulDB Submission 803025](https://vuldb.com/submit/803025)
- - [Public PoC - GitHub (Kiciot/cve Issue #3)](https://github.com/Kiciot/cve/issues/3)
- - [D-Link Official Website](https://www.dlink.com/)
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
