Command Injection Vulnerability in D-Link DIR-645 Router
CVE-2025-7192
5.3MEDIUM
Key Information:
Badges
👾 Exploit Exists🟡 Public PoC
What is CVE-2025-7192?
A command injection vulnerability has been identified in the D-Link DIR-645 router, specifically within the function ssdpcgi_main of the /htdocs/cgibin component. This flaw allows remote attackers to execute arbitrary commands, potentially compromising the device and network it operates within. The affected versions are those no longer supported by D-Link, which increases the risk of exploitation given the public disclosure of the exploit.
Affected Version(s)
DIR-645 1.05B01
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
liuchangwei (VulDB User)