Arbitrary Code Execution Vulnerability in D-Link DNS-320 and DNS-320LW
CVE-2025-44023

6.5MEDIUM

Key Information:

Vendor: D-Link
Status: DNS-320 and DNS-320LW
Vendor: CVE Published:; 8 May 2025

What is CVE-2025-44023?

A security issue in D-Link DNS-320 and DNS-320LW models allows remote attackers to execute arbitrary code by manipulating the account_mgr.cgi component. This vulnerability can be exploited through crafted requests, leading to unauthorized access and potential system compromise. Users are advised to update their firmware to prevent exploitation.

References

https://www.yuque.com/nirvana-chkbf/kb/cakchpet9vxgqm0h?s...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 8, 2025
Vulnerability Reserved
Apr 22, 2025