PT-2025-49538 · D Link · D-Link Dcs-930L

Jiahui2888

Publicado

2025-12-08

Atualizado

2025-12-11

CVE-2025-14225

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Link DCS-930L version 1.15.04

Description A flaw exists in D-Link DCS-930L version 1.15.04 that allows for remote command injection. The issue is located within the alphapd component, specifically in the /setSystemAdmin file. Manipulation of the AdminID argument can lead to unauthorized command execution. The exploit for this issue has been publicly disclosed. This vulnerability affects products that are no longer supported by the maintainer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77CWE-74

Identificadores relacionados

CVE-2025-14225

Produtos afetados

D-Link Dcs-930L

PT-2025-49538 · D Link · D-Link Dcs-930L

CVE-2025-14225

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11