Command Injection Vulnerability in D-Link DIR-605L Router
CVE-2025-4445

5.3MEDIUM

Key Information:

Vendor: D-link
Status: Dir-605l
Vendor: CVE Published:; 9 May 2025

What is CVE-2025-4445?

A command injection vulnerability has been identified in the wake_on_lan function of the D-Link DIR-605L router, specifically in version 2.13B01. This flaw allows attackers to manipulate the MAC address argument and execute arbitrary commands remotely. Notably, this vulnerability impacts products no longer supported by D-Link, raising the potential risk for users still operating these devices. Cybersecurity best practices should be followed to mitigate such risks, and users are strongly encouraged to upgrade to supported devices.

Affected Version(s)

DIR-605L 2.13B01

References

https://vuldb.com/?id.308052

vdb-entrytechnical-description

https://vuldb.com/?ctiid.308052

signaturepermissions-required

https://vuldb.com/?submit.558356

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
May 8, 2025

Credit

jylsec (VulDB User)