CVE-2018-25115
Severity
10.0 CRITICAL
EPSS
1.2%
top 21.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 27
Latest update: Aug 28
Description
Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root priv…
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected Packages: 7 packages
Vulnerability Details (3)
Detection Rules (1)
Suricata
ET WEB_SPECIFIC_APPS D-Link service.cgi EVENT Parameter Command Injection Attempt (CVE-2018-25115), 2025-08-28