Sign-up

ID

VAR-202506-0230


CVE

CVE-2025-5573


TITLE

D-Link Systems, Inc.  of  DCS-932L  in the firmware  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-006494

DESCRIPTION

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DCS-932L The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring. D-Link DCS-932L has a command injection vulnerability, which is caused by the parameter AdminID in the file /setSystemWizard failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2025-5573 // JVNDB: JVNDB-2025-006494 // CNVD: CNVD-2025-12282

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12282

AFFECTED PRODUCTS

vendor:dlinkmodel:dcs-932lscope:eqversion:2.18.01

Trust: 1.0

vendor:d linkmodel:dcs-932lscope:eqversion:dcs-932l firmware 2.18.01

Trust: 0.8

vendor:d linkmodel:dcs-932lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dcs-932lscope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dcs-932lscope:eqversion:2.18.01

Trust: 0.6

sources: CNVD: CNVD-2025-12282 // JVNDB: JVNDB-2025-006494 // NVD: CVE-2025-5573

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-5573
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-5573
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-006494
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-12282
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-5573
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-006494
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-12282
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-5573
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-5573
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-006494
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-12282 // JVNDB: JVNDB-2025-006494 // NVD: CVE-2025-5573 // NVD: CVE-2025-5573

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-78

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-006494 // NVD: CVE-2025-5573

EXTERNAL IDS

db:NVDid:CVE-2025-5573

Trust: 3.2

db:VULDBid:311030

Trust: 1.8

db:JVNDBid:JVNDB-2025-006494

Trust: 0.8

db:CNVDid:CNVD-2025-12282

Trust: 0.6

sources: CNVD: CNVD-2025-12282 // JVNDB: JVNDB-2025-006494 // NVD: CVE-2025-5573

REFERENCES

url:https://github.com/wudipjq/my_vuln/blob/main/d-link5/vuln_44/44.md

Trust: 2.4

url:https://vuldb.com/?id.311030

Trust: 1.8

url:https://vuldb.com/?submit.588467

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.311030

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-5573

Trust: 0.8

sources: CNVD: CNVD-2025-12282 // JVNDB: JVNDB-2025-006494 // NVD: CVE-2025-5573

SOURCES

db:CNVDid:CNVD-2025-12282
db:JVNDBid:JVNDB-2025-006494
db:NVDid:CVE-2025-5573

LAST UPDATE DATE

2025-06-14T22:55:00.711000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-12282date:2025-06-12T00:00:00
db:JVNDBid:JVNDB-2025-006494date:2025-06-10T00:32:00
db:NVDid:CVE-2025-5573date:2025-06-06T18:48:46.463

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-12282date:2025-06-12T00:00:00
db:JVNDBid:JVNDB-2025-006494date:2025-06-10T00:00:00
db:NVDid:CVE-2025-5573date:2025-06-04T06:15:22.677