CVE-2018-25115

Name of the Vulnerable Software and Affected Versions D-Link DIR-110 version 1.03 D-Link DIR-412 version 1.03 D-Link DIR-600 version 1.03 D-Link DIR-610 version 1.03 D-Link DIR-615 version 1.03 D-Link DIR-645 version 1.03 D-Link DIR-815 version 1.03

Description Multiple D-Link DIR-series routers are affected by a flaw that allows remote attackers to execute arbitrary system commands without authentication. The issue is due to improper input handling in the EVENT=CHECKFW parameter of the /service.cgi API endpoint, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, potentially leading to full device compromise. The Shadowserver Foundation first observed exploitation evidence on 2025-08-21 UTC.

Recommendations D-Link DIR-110 version 1.03: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DIR-412 version 1.03: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DIR-600 version 1.03: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DIR-610 version 1.03: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DIR-615 version 1.03: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DIR-645 version 1.03: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DIR-815 version 1.03: At the moment, there is no information about a newer version that contains a fix for this vulnerability.