Command Injection Vulnerability in D-Link DIR-816 Router
CVE-2025-29743

6.5MEDIUM

Key Information:

Vendor
D-Link
Status
DIR-816 Router
Vendor
CVE Published:
22 April 2025

Summary

A command injection vulnerability exists in the D-Link DIR-816 A2V1.1.0B05 router, specifically in the /goform/delRouting function. This flaw allows an attacker to send specially crafted requests that could execute arbitrary commands on the device. Successful exploitation may lead to unauthorized access and manipulation of the router's functionality, posing serious security risks to users' networks. It is essential for D-Link DIR-816 users to apply recommended updates and safeguard their devices against potential attacks.

References

https://github.com/n0wstr/IOTVuln/blob/main/DIR-816/DelRo...

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-29743 : Command Injection Vulnerability in D-Link DIR-816 Router | SecurityVulnerability.io