Sign-up

ID

VAR-202509-1655


CVE

CVE-2025-10689


TITLE

D-Link Corporation  of  DIR-645  Injection Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-015561

DESCRIPTION

A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgi_main of the file /soap.cgi. Such manipulation of the argument service leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-10689 // JVNDB: JVNDB-2025-015561

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-645scope:eqversion:1.05b01

Trust: 1.0

vendor:d linkmodel:dir-645scope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-645scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-645scope:eqversion:dir-645 firmware 1.05b01

Trust: 0.8

sources: JVNDB: JVNDB-2025-015561 // NVD: CVE-2025-10689

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-10689
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-10689
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-015561
value: CRITICAL

Trust: 0.8

cna@vuldb.com: CVE-2025-10689
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-015561
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-10689
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-10689
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-015561
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-015561 // NVD: CVE-2025-10689 // NVD: CVE-2025-10689

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [NVD evaluation ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-015561 // NVD: CVE-2025-10689

EXTERNAL IDS

db:NVDid:CVE-2025-10689

Trust: 2.6

db:VULDBid:324813

Trust: 1.8

db:JVNDBid:JVNDB-2025-015561

Trust: 0.8

sources: JVNDB: JVNDB-2025-015561 // NVD: CVE-2025-10689

REFERENCES

url:https://github.com/scanleale/iot_sec/blob/main/dir-645-soapcgi.pdf

Trust: 1.8

url:https://vuldb.com/?id.324813

Trust: 1.8

url:https://vuldb.com/?submit.653689

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.324813

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-10689

Trust: 0.8

sources: JVNDB: JVNDB-2025-015561 // NVD: CVE-2025-10689

SOURCES

db:JVNDBid:JVNDB-2025-015561
db:NVDid:CVE-2025-10689

LAST UPDATE DATE

2025-10-12T23:28:40.139000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-015561date:2025-10-09T08:00:00
db:NVDid:CVE-2025-10689date:2025-10-03T17:26:40.087

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-015561date:2025-10-09T00:00:00
db:NVDid:CVE-2025-10689date:2025-09-18T21:15:47.340