High severity8.0NVD Advisory· Published Apr 27, 2026· Updated Apr 30, 2026

CVE-2026-7069

Description

A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within the local network. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

Affected products

Dlink/Dir 825 Firmware
cpe:2.3:o:dlink:dir-825_firmware:3.00b32:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tzh00203.notion.site/D-Link-DIR-825-miniupnpd-AddPortMapping-Stack-Overflow-337b5c52018a8028988ecc9daded409envdExploitMitigationThird Party Advisory
vuldb.com/submit/798647nvdThird Party AdvisoryVDB Entry
vuldb.com/vuln/359644nvdThird Party AdvisoryVDB Entry
vuldb.com/vuln/359644/ctinvdPermissions RequiredVDB Entry
www.dlink.comnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.520
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000