Command Injection Vulnerability in D-Link DIR-853 A1 Router
CVE-2025-25743

7.2HIGH

Key Information:

Vendor: D-Link
Status: DIR-853 A1 Router
Vendor: CVE Published:; 12 February 2025

What is CVE-2025-25743?

A command injection vulnerability exists in the SetVirtualServerSettings module of the D-Link DIR-853 A1 router, specifically in firmware version FW1.20B07. This flaw allows an attacker to craft and send malicious commands to the affected router, potentially gaining unauthorized access to sensitive configurations and control of the device. Exploitation of this vulnerability could lead to significant security risks, including unauthorized network access and manipulation of router settings.

References

https://dear-sunshine-ba5.notion.site/D-Link-DIR-853-1812...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2025
Vulnerability Reserved
Feb 7, 2025