PT-2025-42896 · D Link · D-Link Dsr-150+2

Published

2025-10-21

Updated

2026-02-27

CVE-2025-60344

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions D-Link DSR-150 D-Link DSR-150N D-Link DSR-250N version 1.09B32 WW

Description An unauthenticated Local File Inclusion (LFI) exists in D-Link DSR series routers. This allows remote attackers to retrieve sensitive configuration files in clear text. These files contain administrative credentials and VPN settings, potentially granting full administrative access to the router.

Recommendations Update D-Link DSR-150 to a newer version. Update D-Link DSR-150N to a newer version. Update D-Link DSR-250N to a newer version than 1.09B32 WW.

Exploit

Fix

Improper Access Control

Incorrect Privilege Assignment

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-266CWE-200CWE-24

Related Identifiers

BDU:2025-14651

CVE-2025-60344

Affected Products

D-Link Dsr-150

D-Link Dsr-150N

D-Link Dsr-250

PT-2025-42896 · D Link · D-Link Dsr-150+2

CVE-2025-60344

Weakness Enumeration

Related Identifiers

Affected Products

References · 9