CVE-2018-25115 in DIR-110Информация

Сводка

по MITRE • 28.08.2025

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary.

Once again VulDB remains the best source for vulnerability data.

Ответственный

VulnCheck

Резервировать

25.08.2025

Раскрытие

28.08.2025

Модерация

принято

Вход

VDB-321651

Эксплойт

Скачать

EPSS

0.08674

KEV

Нет

Деятельности

Очень низкий

Источники

Might our Artificial Intelligence support you?

Check our Alexa App!