CVE-2025-44835 — Command Injection in Dlink Dir-816 A2 Firmware

CWE-77 — Command Injection3 documents3 sources

Severity

6.3MEDIUMNVD

EPSS

6.4%

top 8.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-816 A2 Firmware

Timeline

PublishedMay 1

Description

D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages1 packages

▶NVDdlink/dir-816_a2_firmware1.10b05

🔴Vulnerability Details

CVEList

CVE-2025-44835: D-Link DIR-816 A2V1↗2025-05-01

▶

GHSA

GHSA-8gr9-8p2v-p75h: D-Link DIR-816 A2V1↗2025-05-01

▶