CVE-2025-4443: D-Link DIR-605L sub_454F2C command injection
Description
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been rated as critical. This issue affects the function sub_454F2C. The manipulation of the argument sysCmd leads to command injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer. Eine Schwachstelle wurde in D-Link DIR-605L 2.13B01 ausgemacht. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion sub_454F2C. Durch das Manipulieren des Arguments sysCmd mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden.
Classification
CVE ID: CVE-2025-4443
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products
Vendor: D-Link
Product: DIR-605L
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.07% (probability of being exploited)
EPSS Percentile: 20.67% (scored less or equal to compared to others)
EPSS Date: 2025-06-06 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-4443https://vuldb.com/?id.308051
https://vuldb.com/?ctiid.308051
https://vuldb.com/?submit.558355
https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir605l/Command_injection-sub_454F2C-sysCmd/README.md
https://www.dlink.com/