CVE-2025-34125
Published 2025-07-16
Priority: P274 · Critical 9.3 (CVSS 4.0)
CVSS 4.0 vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Exploit: public exploit available (see references)
EPSS: 3.13% (86.2th percentile)
An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying Linux operating system. Successful exploitation enables full system compromise.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| d-link | dsp-w110a1 | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests to the lighttpd web server on D-Link DSP-W110A1 devices for anomalous or oversized Cookie header values that contain shell metacharacters or command injection payloads (e.g., semicolons, backticks, $(), pipes).
- Exploitation requires no authentication; alert on unauthenticated HTTP requests carrying suspicious Cookie headers targeting D-Link DSP-W110A1 devices running firmware 1.05B01.
- A public Metasploit module exists for this vulnerability; detect exploitation attempts by correlating the module path `linux/http/dlink_dspw110_cookie_noauth_exec` in threat intel or IDS signatures.
- Exploitation was validated in an emulated environment, not confirmed on physical hardware; detection fidelity on real devices may differ.
- The vulnerability is specific to firmware version 1.05B01 on the D-Link DSP-W110A1; other firmware versions or hardware revisions may not be affected.
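As an added example (not from the page or its sources), a small Python check that applies the Cookie-header heuristics above to raw HTTP requests. It treats the semicolon as the legitimate cookie-pair separator and instead flags pairs with no `name=value` shape or values containing backticks, `$()`, pipes or `&`; the size threshold and sample requests are constructed assumptions.

```python
import re
from typing import Dict, List, Optional

# Metacharacters that should never appear inside a cookie value (constructed
# from the indicators above: backticks, $(), pipes, plus & and line breaks).
VALUE_META = re.compile(r"[`|&\r\n]|\$\(|\$\{")
PAIR_RE = re.compile(r"^\s*[\w.\-]+=[^;]*$")   # well-formed name=value pair
MAX_COOKIE_LEN = 512  # constructed size threshold; tune for the environment


def extract_header(raw_request: str, name: str) -> Optional[str]:
    """Return the value of header `name` from a raw HTTP request, or None."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            return value.strip()
    return None


def classify_request(raw_request: str) -> Dict[str, object]:
    """Flag requests whose Cookie header looks like a command-injection attempt."""
    cookie = extract_header(raw_request, "Cookie")
    reasons: List[str] = []
    if cookie is not None:
        if len(cookie) > MAX_COOKIE_LEN:
            reasons.append("oversized_cookie")
        # ';' separates pairs, so judge each pair: a pair without '=' is
        # malformed, and metacharacters inside a value are never expected.
        for pair in cookie.split(";"):
            if not pair.strip():
                continue
            if not PAIR_RE.match(pair):
                reasons.append("malformed_cookie_pair")
            elif VALUE_META.search(pair.partition("=")[2]):
                reasons.append("shell_metacharacters")
    return {
        "suspicious": bool(reasons),
        "reasons": sorted(set(reasons)),
        "unauthenticated": extract_header(raw_request, "Authorization") is None,
    }


# Constructed sample requests; only the first one is benign.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1\r\nHost: 192.0.2.10\r\nCookie: session=abc123; theme=dark\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: 192.0.2.10\r\nCookie: session=`uname -a`\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: 192.0.2.10\r\nCookie: session=x; $(id)\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: 192.0.2.10\r\nCookie: session=x;sh\r\n\r\n",
]
```

Running `classify_request` over `SAMPLE_REQUESTS` flags the last three while leaving the ordinary two-cookie request alone.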
No detection rules found.
No writeups or analysis indexed.
References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dspw110_cookie_noauth_exec.rb
- https://web.archive.org/web/20160125171424/https://github.com/darkarnium/secpub/tree/master/D-Link/DSP-W110
- https://www.exploit-db.com/exploits/37628
- https://www.vulncheck.com/advisories/dlink-dspw110a1-cookie-command-injection