CVE-2018-25115

UNKNOWN 0.0

D-Link DIR-110/412/600/615/645/815 RCE via service.cgi

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC.

CWE	CWE-78
Vendor	d-link
Product	dir-110
Published	Aug 27, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for d-link dir-110

Be the first to know when new unknown vulnerabilities affecting d-link dir-110 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

D-Link / DIR-110

D-Link / DIR-412

D-Link / DIR-600

D-Link / DIR-615

D-Link / DIR-645

D-Link / DIR-815

* ≤ Version A 1.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/Cr0n1c/dlink_shell_poc/blob/master/dlink_auth_rce exploit-db.com: https://www.exploit-db.com/exploits/43496 legacy.us.dlink.com: https://legacy.us.dlink.com/ support.dlink.com: https://support.dlink.com/EndOfLifePolicy.aspx vulncheck.com: https://www.vulncheck.com/advisories/dlink-dir-rce-service-cgi

Credits

Cr0n1c