CVE-2025-11665Command Injection in D-link Dap-2695

CWE-77Command InjectionCWE-78OS Command Injection3 documents3 sources
Severity
5.1MEDIUMNVD
EPSS
0.1%
top 74.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
D-link Dap-2695Dlink Dap-2695 Firmware
Timeline
PublishedOct 13

Description

A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdater_main of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os command injection. The attack may be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5d-link/dap-26952.00RC131

🔴Vulnerability Details

2
GHSA
GHSA-rw57-g57h-8x5v: A vulnerability was detected in D-Link DAP-2695 22025-10-13
CVEList
D-Link DAP-2695 Firmware Update rgbin fwupdater_main os command injection2025-10-13
CVE-2025-11665 — Command Injection in D-link Dap-2695 | cvebase