Command Injection Vulnerability in D-Link DIR-816 Router
CVE-2025-29743

6.5MEDIUM

Key Information:

Vendor: D-Link
Status: DIR-816 Router
Vendor: CVE Published:; 22 April 2025

What is CVE-2025-29743?

A command injection vulnerability exists in the D-Link DIR-816 A2V1.1.0B05 router, specifically in the /goform/delRouting function. This flaw allows an attacker to send specially crafted requests that could execute arbitrary commands on the device. Successful exploitation may lead to unauthorized access and manipulation of the router's functionality, posing serious security risks to users' networks. It is essential for D-Link DIR-816 users to apply recommended updates and safeguard their devices against potential attacks.

References

https://github.com/n0wstr/IOTVuln/blob/main/DIR-816/DelRo...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2025
Vulnerability Reserved
Mar 11, 2025

JSON