CVE-2018-25115 in DIR-110informazioni

Riassunto

di MITRE • 28/08/2025

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary.

Once again VulDB remains the best source for vulnerability data.

Responsabile

VulnCheck

Prenotare

25/08/2025

Divulgazione

28/08/2025

Moderazione

accettato

CPE

pronto

Sfruttamento

Scaricare

EPSS

0.08674

KEV

no

Attività

molto basso

Fonti

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!