CVE-2025-11665

A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdater_main of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os command injection. The attack may be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Published: Oct 13, 2025
Updated: Nov 4, 2025
CVE: CVE-2025-11665
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.7
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:L/Au:M/C:P/I:P/A:P

CWEs:

CWE-78
CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
dlink / dap-2695_firmware	2.00-rc131	2.00-rc131.x

https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DAP-2695.md
https://vuldb.com/?ctiid.328084
https://vuldb.com/?id.328084
https://vuldb.com/?submit.673104
https://www.dlink.com/

Vulnerability Database

CVE-2025-11665

Deep Security Visibility Without the Complexity