CVE-2025-0492

A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Affected by this vulnerability is the function FUN_00412244. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tasty-foxtrot-3a8.notion.site/D-link-DIR-823X-FUN_00412244-NULL-Pointer-Dereference-1730448e619580fcb7f9d871c6e7190a	Exploit Third Party Advisory
https://vuldb.com/?ctiid.291937	Permissions Required VDB Entry
https://vuldb.com/?id.291937	Third Party Advisory VDB Entry
https://vuldb.com/?submit.475301	Third Party Advisory VDB Entry
https://www.dlink.com/	Product

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:dlink:dir-823x_firmware:240126:::::::*
	cpe:2.3:o:dlink:dir-823x_firmware:240802:::::::*

cpe:2.3:h:dlink:dir-823x:*:*:*:*:*:*:*:*

History

24 Sep 2025, 18:41

Type	Values Removed	Values Added
CPE		cpe:2.3:o:dlink:dir-823x_firmware:240126:::::::* cpe:2.3:o:dlink:dir-823x_firmware:240802:::::::* cpe:2.3:h:dlink:dir-823x::::::::
First Time		Dlink dir-823x Dlink Dlink dir-823x Firmware
References	~~() https://tasty-foxtrot-3a8.notion.site/D-link-DIR-823X-FUN_00412244-NULL-Pointer-Dereference-1730448e619580fcb7f9d871c6e7190a -~~	() https://tasty-foxtrot-3a8.notion.site/D-link-DIR-823X-FUN_00412244-NULL-Pointer-Dereference-1730448e619580fcb7f9d871c6e7190a - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.291937 -~~	() https://vuldb.com/?ctiid.291937 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.291937 -~~	() https://vuldb.com/?id.291937 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.475301 -~~	() https://vuldb.com/?submit.475301 - Third Party Advisory, VDB Entry
References	~~() https://www.dlink.com/ -~~	() https://www.dlink.com/ - Product
Summary		(es) Se ha encontrado una vulnerabilidad en D-Link DIR-823X 240126/240802 y se ha clasificado como crítica. Esta vulnerabilidad afecta a la función FUN_00412244. La manipulación provoca la desreferenciación de puntero null. El ataque se puede ejecutar de forma remota. El exploit se ha hecho público y puede utilizarse.

15 Jan 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-15 22:15

Updated : 2025-09-24 18:41

NVD link : CVE-2025-0492

Mitre link : CVE-2025-0492

CVE.ORG link : CVE-2025-0492

JSON object : View

Products Affected

dlink

dir-823x_firmware
dir-823x

CWE

CWE-404

Improper Resource Shutdown or Release

CWE-476

NULL Pointer Dereference

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2025-0492

7.5^/10

7.8^/10

Attach tags to `CVE-2025-0492`