Home

Description

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

PUBLISHED Reserved 2025-12-18 | Published 2025-12-18 | Updated 2025-12-18 | Assigner VulDB




HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
HIGH: 7.2CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
8.3AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR

Problem types

Command Injection

Injection

Product status

202WWB03
affected

Timeline

2025-12-18:Advisory disclosed
2025-12-18:VulDB entry created
2025-12-18:VulDB entry last update

Credits

tian (VulDB User) reporter

References

vuldb.com/?id.337372 (VDB-337372 | D-Link DIR-605 Firmware Update Service command injection) vdb-entry

vuldb.com/?ctiid.337372 (VDB-337372 | CTI Indicators (IOB, IOC, TTP)) signature permissions-required

vuldb.com/?submit.715465 (Submit #715465 | D-Link DIR605 B1v202WWB03 Command Injection) third-party-advisory

tzh00203.notion.site/...0de8df7f427ac2faf0e?source=copy_link exploit patch

www.dlink.com/ product

cve.org (CVE-2025-14884)

nvd.nist.gov (CVE-2025-14884)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.