PT-2025-20456 · D Link · D-Link Dir-619L
Zjy148909
·
Published
2025-05-08
·
Updated
2025-05-13
·
CVE-2025-4453
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-619L version 2.04B04
Description
A critical issue affects the
formSysCmd function, where manipulation of the sysCmd argument leads to command injection. This can be initiated remotely. The vendor was contacted about this disclosure. This issue only affects products that are no longer supported by the maintainer.Recommendations
For D-Link DIR-619L version 2.04B04, as a temporary workaround, consider disabling the
formSysCmd function until a patch is available. Restrict access to the sysCmd argument to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Special Elements Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
D-Link Dir-619L