CVE-2025-34125

UNKNOWN 0.0

D-Link DSP-W110A1 Cookie Command Injection

CVSS Score

0.0

EPSS Score

49.4%

EPSS Percentile

98th

An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying Linux operating system. Successful exploitation enables full system compromise.

CWE	CWE-78
Vendor	d-link
Product	dsp-w110a1
Published	Jul 16, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for d-link dsp-w110a1

Be the first to know when new unknown vulnerabilities affecting d-link dsp-w110a1 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

D-Link / DSP-W110A1

1.05B01

References

NVD ↗ CVE.org ↗ EPSS Data ↗

web.archive.org: https://web.archive.org/web/20160125171424/https://github.com/darkarnium/secpub/tree/master/D-Link/DSP-W110 raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dspw110_cookie_noauth_exec.rb vulncheck.com: https://www.vulncheck.com/advisories/dlink-dspw110a1-cookie-command-injection exploit-db.com: https://www.exploit-db.com/exploits/37628

Credits

Peter Adkins