CVE 8.6 HIGH

D-Link DIR-605 Firmware Update Service command injection_CVE-2025-14884

December 18, 2025 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

AI Analysis

Command injection vulnerability in the Firmware Update Service of D-Link DIR-605

Basic Information

ID CVE-2025-14884

Source VulDB

Published Dec 18, 2025 at 17:02

Affected Product

Vendor D-Link

Product DIR-605

Version 202WWB03

Affected Versions D-Link DIR-605 202WWB03

CWE Classification

CWE-77 CWE-74

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor D-Link

Product DIR-605

Version 202WWB03

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.",
    "published": "2025-12-18T17:02:11.629Z",
    "modified": "2025-12-18T17:02:11.629Z",
    "type": "cve",
    "title": "D-Link DIR-605 Firmware Update Service command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.337372\nhttps://vuldb.com/?ctiid.337372\nhttps://vuldb.com/?submit.715465\nhttps://tzh00203.notion.site/D-Link-DIR605-B1v202WWB03-Command-Injection-in-Firmware-Update-2cab5c52018a80de8df7f427ac2faf0e?source=copy_link\nhttps://www.dlink.com/",
    "id": "CVE-2025-14884",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "D-Link DIR-605 202WWB03",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DIR-605",
    "version": "202WWB03",
    "vendor": "D-Link",
    "ai_description": "Command injection vulnerability in the Firmware Update Service of D-Link DIR-605",
    "ai_severity": "High",
    "ai_vendor": "D-Link",
    "ai_product": "DIR-605",
    "ai_version": "202WWB03",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply