Details of VAR-202511-2274

ID

VAR-202511-2274

CVE

CVE-2025-13562

DESCRIPTION

A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

Trust: 1.0

sources: NVD: CVE-2025-13562

AFFECTED PRODUCTS

vendor:

dlink

model:

dir-852

scope:

version:

1.00

Trust: 1.0

sources: NVD: CVE-2025-13562

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-13562
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2025-13562
value:	CRITICAL
Trust: 1.0

cna@vuldb.com:	CVE-2025-13562
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

cna@vuldb.com:	CVE-2025-13562
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-13562
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: NVD: CVE-2025-13562 // NVD: CVE-2025-13562

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	CWE-74	Trust: 1.0

sources: NVD: CVE-2025-13562

EXTERNAL IDS

db:	VULDB	id:	333327	Trust: 1.0
db:	NVD	id:	CVE-2025-13562	Trust: 1.0

sources: NVD: CVE-2025-13562

REFERENCES

url:	https://github.com/yzs17/cve/blob/main/dlink/dlink-dir852/rce2.md	Trust: 1.0
url:	https://vuldb.com/?ctiid.333327	Trust: 1.0
url:	https://vuldb.com/?id.333327	Trust: 1.0
url:	https://vuldb.com/?submit.697063	Trust: 1.0
url:	https://www.dlink.com/	Trust: 1.0

sources: NVD: CVE-2025-13562

SOURCES

db:

NVD

id:

CVE-2025-13562

LAST UPDATE DATE

2025-11-28T04:04:02.042000+00:00

SOURCES UPDATE DATE

db:

NVD

id:

CVE-2025-13562

date:

2025-11-26T17:28:15.490

SOURCES RELEASE DATE

db:

NVD

id:

CVE-2025-13562

date:

2025-11-23T18:15:54.823