CVE-2025-5571

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Published: Jun 4, 2025
Updated: Jul 17, 2025
CVE: CVE-2025-5571
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78
CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
dlink / dcs-932l_firmware	2.18.01	2.18.01.x

https://github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_42/42.md
https://vuldb.com/?ctiid.311028
https://vuldb.com/?id.311028
https://vuldb.com/?submit.588465
https://www.dlink.com/

Vulnerability Database

CVE-2025-5571

Deep Security Visibility Without the Complexity