CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2020-29557

CVSS 9.8v3.1pub. 2021-01-29upd. 2025-11-07

An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dir 825

    HW
    Dlink
    r1
  • Dlink Dir 825\/a

    HW
    Dlink
    d1a
  • Dlink Dir 825\/ac

    HW
    Dlink
    ee1a
  • Dlink Dir 825\/acf

    HW
    Dlink
    f1
  • Dlink Dir 825\/gf

    HW
    Dlink
    gf
  • Dlink Dir 825 R1 Firmware

    OS
    Dlink
    ≤ 3.0.1

CISA KEV — detailsi

Vendori
D-Link
Producti
DIR-825 R1 Devices
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 3 maja 2022
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2019-16920CRITICAL9.8⚠ KEVten sam produkt

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1...

CVE-2022-47035CRITICAL9.8ten sam produkt

Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute ...

CVE-2021-46442CRITICAL9.8ten sam produkt

In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgra...

CVE-2026-7068HIGH7.4ten sam produkt

A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file s...

CVE-2026-7069HIGH7.3ten sam produkt

A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping ...