Vulnerability Description
A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argument HNAP_AUTH/SOAPAction results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dcs-935L Firmware | <= 1.13.01 |
| Dlink | Dcs-935L | - |
Related Weaknesses (CWE)
References
- https://github.com/scanleale/IOT_sec/blob/main/DCS-935L-1.pdfExploitThird Party Advisory
- https://github.com/scanleale/IOT_sec/blob/main/DCS-935L-2.pdfExploitThird Party Advisory
- https://vuldb.com/?ctiid.325135Permissions RequiredVDB Entry
- https://vuldb.com/?id.325135Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.653690Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.653691Third Party AdvisoryVDB Entry
- https://www.dlink.com/Product
- https://github.com/scanleale/IOT_sec/blob/main/DCS-935L-1.pdfExploitThird Party Advisory
- https://github.com/scanleale/IOT_sec/blob/main/DCS-935L-2.pdfExploitThird Party Advisory
FAQ
What is CVE-2025-10779?
CVE-2025-10779 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argument HNAP_AUTH/SOAPAction results in stack-...
How severe is CVE-2025-10779?
CVE-2025-10779 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-10779?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dcs-935L Firmware, Dlink Dcs-935L.