Sign-up

ID

VAR-202507-0585


CVE

CVE-2025-7553


TITLE

D-Link Systems, Inc.  of  DIR-818LW  Command injection vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-010356

DESCRIPTION

A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This affects an unknown part of the component System Time Page. The manipulation of the argument NTP Server leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-818LW The firmware contains a command injection vulnerability. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-818LW is a dual-band Gigabit cloud router that supports IEEE 802.11ac and IEEE 802.11n wireless standards, with wireless transmission speeds up to 433Mbps. It also provides one USB 2.0 port and four Gigabit wired ports. The D-Link DIR-818LW is vulnerable to a command injection vulnerability caused by the NTP Server parameter in the System Time Page component failing to properly sanitize special characters and commands in constructed commands. No detailed vulnerability details are currently available

Trust: 2.16

sources: NVD: CVE-2025-7553 // JVNDB: JVNDB-2025-010356 // CNVD: CNVD-2025-18503

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-18503

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-818lwscope:ltversion:20191215

Trust: 1.0

vendor:d linkmodel:dir-818lwscope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-818lwscope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-818lwscope:eqversion:dir-818lw firmware 20191215

Trust: 0.8

vendor:d linkmodel:dir-818lwscope:lteversion:<=20191215

Trust: 0.6

sources: CNVD: CNVD-2025-18503 // JVNDB: JVNDB-2025-010356 // NVD: CVE-2025-7553

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-7553
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-7553
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-010356
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-18503
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-7553
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-010356
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-18503
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-7553
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-7553
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-010356
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-18503 // JVNDB: JVNDB-2025-010356 // NVD: CVE-2025-7553 // NVD: CVE-2025-7553

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-78

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-010356 // NVD: CVE-2025-7553

EXTERNAL IDS

db:NVDid:CVE-2025-7553

Trust: 3.2

db:VULDBid:316251

Trust: 1.8

db:JVNDBid:JVNDB-2025-010356

Trust: 0.8

db:CNVDid:CNVD-2025-18503

Trust: 0.6

sources: CNVD: CNVD-2025-18503 // JVNDB: JVNDB-2025-010356 // NVD: CVE-2025-7553

REFERENCES

url:https://vuldb.com/?id.316251

Trust: 1.8

url:https://vuldb.com/?submit.614928

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-7553

Trust: 1.4

url:https://vuldb.com/?ctiid.316251

Trust: 1.0

sources: CNVD: CNVD-2025-18503 // JVNDB: JVNDB-2025-010356 // NVD: CVE-2025-7553

SOURCES

db:CNVDid:CNVD-2025-18503
db:JVNDBid:JVNDB-2025-010356
db:NVDid:CVE-2025-7553

LAST UPDATE DATE

2025-08-15T23:13:38.002000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-18503date:2025-08-14T00:00:00
db:JVNDBid:JVNDB-2025-010356date:2025-07-31T08:53:00
db:NVDid:CVE-2025-7553date:2025-07-18T13:10:55.620

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-18503date:2025-08-14T00:00:00
db:JVNDBid:JVNDB-2025-010356date:2025-07-31T00:00:00
db:NVDid:CVE-2025-7553date:2025-07-14T00:15:25.347