Command Injection Vulnerability in D-Link DIR-605L Router
CVE-2025-4445

5.3 MEDIUM

Key Information:

Vendor
D-Link
Status
Vendor
CVE Published:
9 May 2025

Summary

A command injection vulnerability has been identified in the wake_on_lan function of the D-Link DIR-605L router, specifically in version 2.13B01. This flaw allows attackers to manipulate the MAC address argument and execute arbitrary commands remotely. Notably, this vulnerability impacts products no longer supported by D-Link, raising the potential risk for users still operating these devices. Cybersecurity best practices should be followed to mitigate such risks, and users are strongly encouraged to upgrade to supported devices.
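The class of fix for this kind of flaw, as an added example (not D-Link firmware code and not from the original advisory): parse the MAC address argument strictly into six bytes and build the Wake-on-LAN magic packet in-process, so the request string never reaches a command interpreter. It assumes the firmware currently passes the MAC text to a shell command; the function names `parse_mac` and `build_wol_packet` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAC_LEN 6
#define WOL_PACKET_LEN (6 + 16 * MAC_LEN) /* 102 bytes */

/* Map one hex character to its value, or -1 if it is not a hex digit. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Accept exactly "XX:XX:XX:XX:XX:XX" (17 characters, hex digits and colons
 * only). Anything else, including trailing text or shell metacharacters,
 * is rejected. Returns 0 on success, -1 on failure. */
int parse_mac(const char *s, uint8_t mac[MAC_LEN])
{
    if (s == NULL || strlen(s) != 17)
        return -1;
    for (int i = 0; i < MAC_LEN; i++) {
        int hi = hex_val(s[3 * i]);
        int lo = hex_val(s[3 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        if (i < MAC_LEN - 1 && s[3 * i + 2] != ':')
            return -1;
        mac[i] = (uint8_t)((hi << 4) | lo);
    }
    return 0;
}

/* Build the magic packet (6 bytes of 0xFF, then the MAC repeated 16 times)
 * from the untrusted request string. Only the parsed bytes are used; the
 * text itself is never copied into a command line.
 * Returns the packet length, or -1 if the MAC is malformed. */
int build_wol_packet(const char *mac_text, uint8_t out[WOL_PACKET_LEN])
{
    uint8_t mac[MAC_LEN];
    if (parse_mac(mac_text, mac) != 0)
        return -1;
    memset(out, 0xFF, 6);
    for (int i = 0; i < 16; i++)
        memcpy(out + 6 + i * MAC_LEN, mac, MAC_LEN);
    return WOL_PACKET_LEN;
}
```

The resulting buffer is what a caller would send as a UDP broadcast; a rejected input should produce an error response and a log entry rather than a fallback path.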

Affected Version(s)

DIR-605L 2.13B01

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

jylsec (VulDB User)