Details of VAR-202502-0092

ID

VAR-202502-0092

CVE

CVE-2025-1104

TITLE

D-Link Systems, Inc. of dhp-w310av Authentication vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-005414

DESCRIPTION

A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of dhp-w310av The firmware contains vulnerabilities related to authentication and vulnerabilities related to authentication evasion through spoofing.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DHP-W310AV is a popular router device

Trust: 2.16

sources: NVD: CVE-2025-1104 // JVNDB: JVNDB-2025-005414 // CNVD: CNVD-2025-11543

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-11543

AFFECTED PRODUCTS

vendor:	dlink	model:	dhp-w310av	scope:	eq	version:	1.04	Trust: 1.0
vendor:	d link	model:	dhp-w310av	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dhp-w310av	scope:	eq	version:	dhp-w310av firmware 1.04	Trust: 0.8
vendor:	d link	model:	dhp-w310av	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dhp-w310av	scope:	eq	version:	1.04	Trust: 0.6

sources: CNVD: CNVD-2025-11543 // JVNDB: JVNDB-2025-005414 // NVD: CVE-2025-1104

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-1104
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2025-1104
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2025-005414
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-11543
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-1104
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-005414
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-11543
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-1104
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-1104
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2025-005414
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-11543 // JVNDB: JVNDB-2025-005414 // NVD: CVE-2025-1104 // NVD: CVE-2025-1104

PROBLEMTYPE DATA

problemtype:	CWE-290	Trust: 1.0
problemtype:	CWE-287	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [ others ]	Trust: 0.8
problemtype:	Avoid authentication by spoofing (CWE-290) [ others ]	Trust: 0.8
problemtype:	Avoid authentication by spoofing (CWE-290) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-005414 // NVD: CVE-2025-1104

EXTERNAL IDS

db:	NVD	id:	CVE-2025-1104	Trust: 3.2
db:	VULDB	id:	294934	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-005414	Trust: 0.8
db:	CNVD	id:	CNVD-2025-11543	Trust: 0.6

sources: CNVD: CNVD-2025-11543 // JVNDB: JVNDB-2025-005414 // NVD: CVE-2025-1104

REFERENCES

url:	https://github.com/kn1g78/cve/blob/main/dlink.md	Trust: 2.4
url:	https://vuldb.com/?id.294934	Trust: 1.8
url:	https://vuldb.com/?submit.489958	Trust: 1.8
url:	https://www.dlink.com/	Trust: 1.8
url:	https://vuldb.com/?ctiid.294934	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-1104	Trust: 0.8

sources: CNVD: CNVD-2025-11543 // JVNDB: JVNDB-2025-005414 // NVD: CVE-2025-1104

SOURCES

db:	CNVD	id:	CNVD-2025-11543
db:	JVNDB	id:	JVNDB-2025-005414
db:	NVD	id:	CVE-2025-1104

LAST UPDATE DATE

2025-06-08T23:22:08.535000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-11543	date:	2025-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2025-005414	date:	2025-05-22T01:30:00
db:	NVD	id:	CVE-2025-1104	date:	2025-05-21T16:13:06.583

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-11543	date:	2025-06-05T00:00:00
db:	JVNDB	id:	JVNDB-2025-005414	date:	2025-05-22T00:00:00
db:	NVD	id:	CVE-2025-1104	date:	2025-02-07T17:15:31.477