CVE-2025-7192

CWE-74 CWE-77 — Command Injection CWE-401 — Memory Leak CWE-3075 documents5 sources

Severity

5.3MEDIUM

EPSS

0.3%

top 44.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-645 Firmware D-link Dir-645

Timeline

PublishedJul 8

Latest updateFeb 13

Description

A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classified as critical. This issue affects the function ssdpcgi_main of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDdlink/dir-645_firmware1.05b01

▶CVEListV5d-link/dir-6451.05B01

🔴Vulnerability Details

GHSA

Wildfly Elytron integration susceptible to brute force attacks via CLI↗2026-02-13

▶

GHSA

GHSA-w9ww-h3pr-mc4g: A vulnerability was found in D-Link DIR-645 up to 1↗2025-07-08

▶

CVEList

D-Link DIR-645 ssdpcgi cgibin ssdpcgi_main command injection↗2025-07-08

▶

📋Vendor Advisories

Microsoft

Kernel: refcount leak in ctnetlink_create_conntrack()↗2024-01-09

▶