Home

Description

An unauthenticated Local File Inclusion (LFI) vulnerability in D-Link DSR series routers allows remote attackers to retrieve sensitive configuration files in clear text. The exposed files contain administrative credentials, VPN settings, and other sensitive information, enabling full administrative access to the router. Affected Products include: DSR-150, DSR-150N, and DSR-250N v1.09B32_WW.

PUBLISHED Reserved 2025-09-26 | Published 2025-10-21 | Updated 2025-10-21 | Assigner mitre

References

github.com/fyoozr/D-Link-DSR-N250-LFI-Vulnerability/

github.com/...ulnerability-research/tree/main/CVE-2025-60344

cve.org (CVE-2025-60344)

nvd.nist.gov (CVE-2025-60344)

Download JSON