CVE-2025-7553

CWE-77 — Command Injection CWE-78 — OS Command Injection3 documents3 sources

Severity

5.1MEDIUM

EPSS

0.2%

top 63.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-818lw Firmware D-link Dir-818lw

Timeline

PublishedJul 14

Description

A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This affects an unknown part of the component System Time Page. The manipulation of the argument NTP Server leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDdlink/dir-818lw_firmware< 20191215

▶CVEListV5d-link/dir-818lw20191215

🔴Vulnerability Details

GHSA

GHSA-86cj-mgp6-w7fc: A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215↗2025-07-14

▶

CVEList

D-Link DIR-818LW System Time Page os command injection↗2025-07-13

▶