CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-4445: D-Link DIR-605L wake_on_lan command injection

6.3 CVSS

Description

A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01. Affected is the function wake_on_lan. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer. Es wurde eine kritische Schwachstelle in D-Link DIR-605L 2.13B01 entdeckt. Es geht dabei um die Funktion wake_on_lan. Durch Manipulieren des Arguments mac mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren.

Classification

CVE ID: CVE-2025-4445

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Problem Types

Command Injection Injection

Affected Products

Vendor: D-Link

Product: DIR-605L

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 20.69% (scored less or equal to compared to others)

EPSS Date: 2025-06-07 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4445
https://vuldb.com/?id.308052
https://vuldb.com/?ctiid.308052
https://vuldb.com/?submit.558356
https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir605l/Command_injection-wake_on_lan-mac/README.md
https://www.dlink.com/

Timeline

2025-05-09 04:40:12 UTC
CVE

D-Link DIR-605L wake_on_lan command injection