CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-25893: An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol...

Description

An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet.

Classification

CVE ID: CVE-2025-25893

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 14.0% (scored less or equal to compared to others)

EPSS Date: 2025-03-19 (when was this score calculated)

References

https://github.com/2664521593/mycve/blob/main/CJ_in_D-Link_DSL-3782_2_en.pdf

Timeline

2025-02-19 00:31:39 UTC
CVE

An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol...