CVE-2025-4443

A vulnerability was found in D-Link DIR-605L 2.13B01. It has been rated as critical. This issue affects the function sub_454F2C. The manipulation of the argument sysCmd leads to command injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.

Published: May 9, 2025
Updated: May 14, 2025
CVE: CVE-2025-4443
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-74
CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
dlink / dir-605l_firmware	2.13b01	2.13b01.x

https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir605l/Command_injection-sub_454F2C-sysCmd/README.md
https://vuldb.com/?ctiid.308051
https://vuldb.com/?id.308051
https://vuldb.com/?submit.558355
https://www.dlink.com/

Vulnerability Database

CVE-2025-4443

Deep Security Visibility Without the Complexity