ID

VAR-202507-0208


CVE

CVE-2025-7192


TITLE

Injection Vulnerability in D-Link Systems, Inc. DIR-645 Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-009039

DESCRIPTION

A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classified as critical. This issue affects the function ssdpcgi_main of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. The DIR-645 firmware from D-Link Systems, Inc. contains injection and command injection vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link DIR-645 is a Gigabit wireless router launched by D-Link in 2012 for home and small business users. The D-Link DIR-645 suffers from a command injection vulnerability caused by the ssdpcgi_main function in the file /htdocs/cgibin in the ssdpcgi component, which fails to properly sanitize special characters and commands in constructed commands. No further vulnerability details are currently available.

Trust: 2.16

sources: NVD: CVE-2025-7192 // JVNDB: JVNDB-2025-009039 // CNVD: CNVD-2025-17386

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-17386

AFFECTED PRODUCTS

vendor: dlink
model: dir-645
scope: lte
version: 1.05b01

Trust: 1.0

vendor: d link
model: dir-645
scope: lte
version: dir-645 firmware 1.05b01 and earlier

Trust: 0.8

vendor: d link
model: dir-645
scope: eq
version: -

Trust: 0.8

vendor: d link
model: dir-645
scope: -
version: -

Trust: 0.8

vendor: d link
model: dir-645 <=1.05b01
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2025-17386 // JVNDB: JVNDB-2025-009039 // NVD: CVE-2025-7192

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-7192
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-7192
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-009039
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-17386
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-7192
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-009039
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-17386
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-7192
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-7192
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-009039
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-17386 // JVNDB: JVNDB-2025-009039 // NVD: CVE-2025-7192 // NVD: CVE-2025-7192

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-009039 // NVD: CVE-2025-7192

EXTERNAL IDS

db: NVD
id: CVE-2025-7192

Trust: 3.2

db: VULDB
id: 315131

Trust: 1.8

db: JVNDB
id: JVNDB-2025-009039

Trust: 0.8

db: CNVD
id: CNVD-2025-17386

Trust: 0.6

sources: CNVD: CNVD-2025-17386 // JVNDB: JVNDB-2025-009039 // NVD: CVE-2025-7192

REFERENCES

url:https://github.com/thir0th/thir0th-cve/blob/main/d-link%20dir%e2%80%91645%20a1%20has%20a%20remote%20arbitrary%20command%20execution%20vulnerability%20in%20ssdpcgi.md

Trust: 2.4

url:https://vuldb.com/?id.315131

Trust: 1.8

url:https://vuldb.com/?submit.607261

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.315131

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-7192

Trust: 0.8

sources: CNVD: CNVD-2025-17386 // JVNDB: JVNDB-2025-009039 // NVD: CVE-2025-7192

SOURCES

db: CNVD, id: CNVD-2025-17386
db: JVNDB, id: JVNDB-2025-009039
db: NVD, id: CVE-2025-7192

LAST UPDATE DATE

2025-08-02T23:21:05.489000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-17386, date: 2025-08-01T00:00:00
db: JVNDB, id: JVNDB-2025-009039, date: 2025-07-16T07:38:00
db: NVD, id: CVE-2025-7192, date: 2025-07-14T15:15:31.173

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-17386, date: 2025-08-01T00:00:00
db: JVNDB, id: JVNDB-2025-009039, date: 2025-07-16T00:00:00
db: NVD, id: CVE-2025-7192, date: 2025-07-08T20:15:30.830