Sign-up

ID

VAR-202512-2256


CVE

CVE-2025-14884


TITLE

D-Link Corporation of DIR-605  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-024315

DESCRIPTION

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. Furthermore, an exploit has been published, which suggests that it can be exploited in the wild. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-14884 // JVNDB: JVNDB-2025-024315

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-605scope:eqversion:2.02ww

Trust: 1.0

vendor:d linkmodel:dir-605scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-605scope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-605scope:eqversion:dir-605 firmware 2.02ww

Trust: 0.8

sources: JVNDB: JVNDB-2025-024315 // NVD: CVE-2025-14884

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-14884
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-024315
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2025-14884
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-024315
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-14884
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-024315
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-024315 // NVD: CVE-2025-14884

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-74

Trust: 1.0

problemtype:injection (CWE-74) [NVD evaluation ]

Trust: 0.8

problemtype: injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-024315 // NVD: CVE-2025-14884

PATCH

title:Submit #715465url:https://tzh00203.notion.site/D-Link-DIR605-B1v202WWB03-Command-Injection-in-Firmware-Update-2cab5c52018a80de8df7f427ac2faf0e?source=copy_link

Trust: 0.8

sources: JVNDB: JVNDB-2025-024315

EXTERNAL IDS

db:NVDid:CVE-2025-14884

Trust: 2.6

db:VULDBid:337372

Trust: 1.0

db:JVNDBid:JVNDB-2025-024315

Trust: 0.8

sources: JVNDB: JVNDB-2025-024315 // NVD: CVE-2025-14884

REFERENCES

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?submit.715465

Trust: 1.0

url:https://vuldb.com/?ctiid.337372

Trust: 1.0

url:https://vuldb.com/?id.337372

Trust: 1.0

url:https://tzh00203.notion.site/d-link-dir605-b1v202wwb03-command-injection-in-firmware-update-2cab5c52018a80de8df7f427ac2faf0e?source=copy_link

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-14884

Trust: 0.8

sources: JVNDB: JVNDB-2025-024315 // NVD: CVE-2025-14884

SOURCES

db:JVNDBid:JVNDB-2025-024315
db:NVDid:CVE-2025-14884

LAST UPDATE DATE

2026-01-14T23:37:53.626000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-024315date:2026-01-09T07:27:00
db:NVDid:CVE-2025-14884date:2026-01-07T20:15:01.147

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-024315date:2026-01-09T00:00:00
db:NVDid:CVE-2025-14884date:2025-12-18T17:15:47.480