Command Injection Vulnerability in D-Link DIR-619L Router
CVE-2025-4453

5.3MEDIUM

Key Information:

Vendor: D-link
Status: Dir-619l
Vendor: CVE Published:; 9 May 2025

What is CVE-2025-4453?

A command injection vulnerability exists in the D-Link DIR-619L router, specifically impacting version 2.04B04. This flaw arises from improper handling of the sysCmd argument within the formSysCmd function, allowing an attacker to execute arbitrary commands remotely. As the affected product is no longer supported by the vendor, users are at increased risk of exploitation without the availability of security updates to mitigate this issue.

Affected Version(s)

DIR-619L 2.04B04

References

https://vuldb.com/?id.308067

vdb-entrytechnical-description

https://vuldb.com/?ctiid.308067

signaturepermissions-required

https://vuldb.com/?submit.560797

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
May 8, 2025

Credit

zjy148909 (VulDB User)