OS Command Injection Vulnerability in D-Link DCS-932L by D-Link
CVE-2025-5573
Key Information:
Badges
What is CVE-2025-5573?
A vulnerability in the D-Link DCS-932L, specifically in the setSystemWizard and setSystemControl functions, allows an attacker to manipulate the AdminID argument, leading to OS command injection. This security flaw can be exploited remotely, presenting significant risks, particularly for devices that are no longer supported by the vendor. Given its public disclosure, users of the affected product should take immediate precautions.
Affected Version(s)
DCS-932L 2.18.01
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
9% chance of being exploited in the next 30 days.
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved