D-Link DIR-825M Buffer Overflow (CVE-2026-7288) Publicly Disclosed


The National Vulnerability Database has detailed a high-severity buffer overflow vulnerability, CVE-2026-7288, impacting D-Link DIR-825M firmware version 1.1.12. This flaw resides within the sub_4151FC function of the /boafrm/formVpnConfigSetup file. Attackers can trigger the vulnerability by manipulating the submit-url argument, leading to remote code execution or denial of service.

This isn’t a theoretical risk; the exploit for CVE-2026-7288 has been publicly disclosed. This dramatically lowers the bar for attackers, meaning even less sophisticated threat actors can leverage this flaw. With a CVSS score of 8.8, D-Link DIR-825M devices running the affected firmware are critical targets for opportunistic exploitation.

Defenders must recognize that D-Link routers are common perimeter devices in SMBs and home offices. A publicly available exploit for a remote buffer overflow on such a device is an immediate call to action. It enables attackers to establish a foothold, pivot deeper into networks, or simply disrupt operations. The attacker’s calculus here is straightforward: widespread device, easy exploit, high impact.

What This Means For You

  • If your organization or any remote employees use D-Link DIR-825M routers, especially firmware version 1.1.12, consider them compromised until proven otherwise. Immediately verify your router's firmware version and check for any available security updates from D-Link. If no patch is available, prioritize replacing these devices or isolating them from critical internal networks.
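To support the review described above, the following added example (not code from the NVD entry, D-Link, or the original article) flags captured HTTP requests to the affected handler for analyst attention. The record layout, the 128-byte threshold and the 192.168.0.0/24 management network are assumptions; the page does not state the size of the affected buffer.

```python
import ipaddress
from urllib.parse import parse_qsl

VULN_PATH = "/boafrm/formVpnConfigSetup"  # handler named in the advisory
PARAM = "submit-url"                      # argument named in the advisory
MAX_LEN = 128  # assumption: triage threshold only, not the device's buffer size
MGMT_NETS = [ipaddress.ip_network("192.168.0.0/24")]  # assumption: admin LAN


def triage(src_ip, target, body=""):
    """Return the reasons a captured request deserves review (empty list = none)."""
    route, _, query = target.partition("?")
    if route != VULN_PATH:
        return []
    reasons = []
    if not any(ipaddress.ip_address(src_ip) in net for net in MGMT_NETS):
        reasons.append("handler reached from outside the management network")
    # latin-1 maps each decoded byte to one character, so len() counts bytes.
    fields = []
    for part in (query, body):
        fields += parse_qsl(part, keep_blank_values=True, encoding="latin-1")
    values = [v for k, v in fields if k == PARAM]
    if len(values) > 1:
        reasons.append("submit-url supplied more than once")
    for v in values:
        if len(v) > MAX_LEN:
            reasons.append(f"submit-url is {len(v)} bytes (threshold {MAX_LEN})")
        if any(ord(c) < 0x20 or ord(c) > 0x7E for c in v):
            reasons.append("submit-url contains non-printable bytes")
    return reasons


def scan(records):
    """Yield (record, reasons) for every record that triage() flags."""
    for rec in records:
        reasons = triage(rec["src"], rec["target"], rec.get("body", ""))
        if reasons:
            yield rec, reasons


# Constructed sample records (not captured traffic); field names are hypothetical.
SAMPLE = [
    {"src": "192.168.0.10", "target": VULN_PATH, "body": "submit-url=%2Findex.htm"},
    {"src": "203.0.113.7", "target": VULN_PATH, "body": "submit-url=" + "x" * (MAX_LEN + 1)},
    {"src": "203.0.113.7", "target": "/index.htm"},
]

if __name__ == "__main__":
    for rec, reasons in scan(SAMPLE):
        print(rec["src"], rec["target"], "->", "; ".join(reasons))
```

Feed it records exported from a proxy or packet capture that sits in front of the router's web interface, and tune `MAX_LEN` and `MGMT_NETS` to the environment.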

Indicators of Compromise

ID | Type | Indicator
CVE-2026-7288 | Vulnerability | CVE-2026-7288

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 28, 2026 at 18:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
