CVE-2025-11488

CVSS v2.0

7.5

High

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions D-Link DIR-852 versions prior to 20251003

Description A flaw exists in D-Link DIR-852. This issue affects an unspecified component of the /HNAP1/ file. Successful manipulation can result in command injection. The attack can be initiated remotely. The exploit is publicly available. This vulnerability impacts products that are no longer supported.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-74

Related Identifiers

BDU:2025-12815

CVE-2025-11488

Affected Products

Dir-852

CVE-2025-11488

Weakness Enumeration

Related Identifiers

Affected Products

References · 12