Command Injection Vulnerability in D-Link DIR-880L Router
CVE-2025-4341
5.3MEDIUM
What is CVE-2025-4341?
A command injection vulnerability exists in the D-Link DIR-880L router, specifically within the sub_16570 function of the Request Header Handler. This vulnerability allows an attacker to manipulate HTTP headers such as HTTP_ST, REMOTE_ADDR, REMOTE_PORT, and SERVER_ID, leading to potential unauthorized command execution. The vulnerability can be exploited remotely, and it affects only the D-Link DIR-880L models that are no longer supported by the vendor. Organizations using this model should immediately assess their security posture and consider mitigation strategies to protect against potential exploitation.
Affected Version(s)
DIR-880L 104WWb01
References
CVSS V4
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
BabyShark (VulDB User)