Details of VAR-202507-0208

ID

VAR-202507-0208

CVE

CVE-2025-7192

DESCRIPTION

A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classified as critical. This issue affects the function ssdpcgi_main of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Trust: 1.0

sources: NVD: CVE-2025-7192

AFFECTED PRODUCTS

vendor:

dlink

model:

dir-645

scope:

lte

version:

1.05b01

Trust: 1.0

sources: NVD: CVE-2025-7192

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-7192
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2025-7192
value:	HIGH
Trust: 1.0

cna@vuldb.com:	CVE-2025-7192
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

cna@vuldb.com:	CVE-2025-7192
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-7192
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: NVD: CVE-2025-7192 // NVD: CVE-2025-7192

PROBLEMTYPE DATA

problemtype:	CWE-74	Trust: 1.0
problemtype:	CWE-77	Trust: 1.0

sources: NVD: CVE-2025-7192

EXTERNAL IDS

db:	VULDB	id:	315131	Trust: 1.0
db:	NVD	id:	CVE-2025-7192	Trust: 1.0

sources: NVD: CVE-2025-7192

REFERENCES

url:	https://vuldb.com/?id.315131	Trust: 1.0
url:	https://github.com/thir0th/thir0th-cve/blob/main/d-link%20dir%e2%80%91645%20a1%20has%20a%20remote%20arbitrary%20command%20execution%20vulnerability%20in%20ssdpcgi.md	Trust: 1.0
url:	https://vuldb.com/?submit.607261	Trust: 1.0
url:	https://vuldb.com/?ctiid.315131	Trust: 1.0
url:	https://www.dlink.com/	Trust: 1.0

sources: NVD: CVE-2025-7192

SOURCES

db:

NVD

id:

CVE-2025-7192

LAST UPDATE DATE

2025-07-14T23:22:20.330000+00:00

SOURCES UPDATE DATE

db:

NVD

id:

CVE-2025-7192

date:

2025-07-14T15:15:31.173

SOURCES RELEASE DATE

db:

NVD

id:

CVE-2025-7192

date:

2025-07-08T20:15:30.830