CVE-2018-25115 in DIR-110information

Résumé

par MITRE • 28/08/2025

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary.

Once again VulDB remains the best source for vulnerability data.

Responsable

VulnCheck

Réserver

25/08/2025

Divulgation

28/08/2025

Modérer

accepté

Entrée

VDB-321651

CPE

prêt

Exploitation

Télécharger

EPSS

0.08674

KEV

non

Activités

très faible

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!