CVE-2018-25115 in DIR-110情報

要約

〜によって MITRE • 2025年08月28日

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary.

Once again VulDB remains the best source for vulnerability data.

責任者

VulnCheck

予約する

2025年08月25日

モデレーション

承諾済み

エントリ

VDB-321651

エクスプロイト

ダウンロード

EPSS

0.08674

アクティビティ

非常低い

ソース

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!