Details of VAR-202505-0138

ID

VAR-202505-0138

CVE

CVE-2025-4341

TITLE

D-Link Systems, Inc. of DIR-880L Command injection vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-004930

DESCRIPTION

A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Affected by this vulnerability is the function sub_16570 of the file /htdocs/ssdpcgi of the component Request Header Handler. The manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-880L Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-880L is a dual-band Gigabit wireless router from D-Link. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2025-4341 // JVNDB: JVNDB-2025-004930 // CNVD: CNVD-2025-11228

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-11228

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-880l	scope:	lte	version:	104wwb01	Trust: 1.0
vendor:	d link	model:	dir-880l	scope:	lte	version:	dir-880l firmware 104wwb01 and earlier	Trust: 0.8
vendor:	d link	model:	dir-880l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-880l	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dir-880l <=104wwb01	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-11228 // JVNDB: JVNDB-2025-004930 // NVD: CVE-2025-4341

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-4341
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2025-4341
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2025-004930
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-11228
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2025-4341
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-004930
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-11228
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-4341
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-4341
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2025-004930
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-11228 // JVNDB: JVNDB-2025-004930 // NVD: CVE-2025-4341 // NVD: CVE-2025-4341

PROBLEMTYPE DATA

problemtype:	CWE-74	Trust: 1.0
problemtype:	CWE-77	Trust: 1.0
problemtype:	injection (CWE-74) [ others ]	Trust: 0.8
problemtype:	Command injection (CWE-77) [NVD evaluation ]	Trust: 0.8
problemtype:	Command injection (CWE-77) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-004930 // NVD: CVE-2025-4341

EXTERNAL IDS

db:	NVD	id:	CVE-2025-4341	Trust: 3.2
db:	VULDB	id:	307459	Trust: 2.4
db:	JVNDB	id:	JVNDB-2025-004930	Trust: 0.8
db:	CNVD	id:	CNVD-2025-11228	Trust: 0.6

sources: CNVD: CNVD-2025-11228 // JVNDB: JVNDB-2025-004930 // NVD: CVE-2025-4341

REFERENCES

url:	https://vuldb.com/?id.307459	Trust: 2.4
url:	https://vuldb.com/?submit.556433	Trust: 1.8
url:	https://www.dlink.com/	Trust: 1.8
url:	https://github.com/ch13hh/tmp_store_cc/blob/main/dir-880l/1.md	Trust: 1.0
url:	https://vuldb.com/?ctiid.307459	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-4341	Trust: 0.8

sources: CNVD: CNVD-2025-11228 // JVNDB: JVNDB-2025-004930 // NVD: CVE-2025-4341

SOURCES

db:	CNVD	id:	CNVD-2025-11228
db:	JVNDB	id:	JVNDB-2025-004930
db:	NVD	id:	CVE-2025-4341

LAST UPDATE DATE

2025-06-02T23:30:31.747000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-11228	date:	2025-05-30T00:00:00
db:	JVNDB	id:	JVNDB-2025-004930	date:	2025-05-14T06:41:00
db:	NVD	id:	CVE-2025-4341	date:	2025-05-13T20:25:22.027

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-11228	date:	2025-05-30T00:00:00
db:	JVNDB	id:	JVNDB-2025-004930	date:	2025-05-14T00:00:00
db:	NVD	id:	CVE-2025-4341	date:	2025-05-06T09:15:25.837